google redirect



shcorley
2012-01-05, 04:47
I keep getting redirected in firefox and explorer and taken to random sites.

I've run lavasoft ad-adware and spybot, but can't uncover the issue.

here is the dds
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Holly at 21:38:01 on 2012-01-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.3246 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\Users\Holly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.5.1
TCP: Interfaces\{302245DC-2E29-41B5-9422-3D20B34F161D} : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{302245DC-2E29-41B5-9422-3D20B34F161D}\D4F445F425F4C414D23344236354 : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2011-5-22 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-29 136360]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-29 269480]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-27 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-29 1153368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-27 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-2 17152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-05 01:51:44 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-01-05 01:51:44 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-01-05 01:46:36 -------- d-----w- C:\ProgramData\PC Tools
2012-01-04 22:36:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8B773C8-37FC-4371-B953-C765B082B5DB}\offreg.dll
2012-01-03 21:21:40 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8B773C8-37FC-4371-B953-C765B082B5DB}\mpengine.dll
2012-01-02 21:12:53 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-01-02 21:05:57 -------- d-----w- C:\Users\Holly\AppData\Local\adaware
2012-01-02 21:05:55 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-01-02 21:05:51 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-01-02 21:05:48 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-01-02 21:05:40 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-01-02 21:05:32 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-12-31 01:34:13 684297 ----a-w- C:\unhide.exe
2011-12-31 01:28:32 -------- d-----w- C:\Users\Holly\AppData\Roaming\Malwarebytes
2011-12-31 01:28:16 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-31 01:28:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-30 23:09:04 363520 ----a-w- C:\scott kill.com
2011-12-30 23:08:41 363520 ----a-w- C:\rkill.com
2011-12-27 02:58:00 -------- d-----r- C:\Users\Holly\Dropbox
2011-12-27 02:56:34 -------- d-----w- C:\Users\Holly\AppData\Roaming\Dropbox
2011-12-18 22:37:30 72192 ------w- C:\Users\Holly\~WRL0523.tmp
2011-12-18 22:37:30 70656 ------w- C:\Users\Holly\~WRL3926.tmp
2011-12-14 00:05:44 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 00:05:25 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 00:05:25 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 00:05:25 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 00:05:21 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 00:05:21 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-10 17:03:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-12-10 17:03:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-12-10 17:03:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-12-10 17:03:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-12-10 17:03:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-12-10 17:03:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-12-10 17:03:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-12-10 16:58:26 -------- d-----w- C:\Program Files\iPod
2011-12-10 16:58:25 -------- d-----w- C:\Program Files\iTunes
2011-12-10 16:58:25 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-10 16:50:46 -------- d-----w- C:\Program Files\Bonjour
2011-12-10 16:50:46 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2011-11-16 23:07:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 21:45:58.14 ===============
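As an added example (not part of DDS or of any post in this thread): a small Python triage script for the "Pseudo HJT Report" layout shown in the log above. It pulls out the three kinds of entries an analyst reads first when a browser-redirect problem is reported: hosts-file overrides, the DNS resolvers recorded per interface, and load points whose file no longer exists. The sample lines are copied from the log above; Python 3.8 or later is assumed.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread, not DDS code and not from any post here.
"""
import ipaddress
import re

# Hand-assembled sample in the DDS layout; the lines are copied from the
# log posted above so the output can be compared against it.
SAMPLE_DDS = """\
uStart Page = hxxp://www.dell.com
uURLSearchHooks: H - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\\PROGRA~2\\SPYBOT~1\\SDHelper.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SkypeIEPluginBHO - No File
mRun: [avgnt] "C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe" /min
TCP: DhcpNameServer = 192.168.5.1
TCP: Interfaces\\{302245DC-2E29-41B5-9422-3D20B34F161D} : DhcpNameServer = 192.168.5.1
TCP: Interfaces\\{302245DC-2E29-41B5-9422-3D20B34F161D}\\D4F445F425F4C414D23344236354 : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
Hosts: 127.0.0.1 www.spywareinfo.com
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")
# Global form: "TCP: DhcpNameServer = ..."; per-interface form:
# "TCP: Interfaces\{GUID}[\subkey] : DhcpNameServer = a.b.c.d e.f.g.h"
DNS_RE = re.compile(r"^TCP:\s+(?:(?P<scope>\S+)\s+:\s+)?DhcpNameServer\s*=\s*(?P<servers>.+)$")
# Load-point prefixes DDS prints; an entry ending in "- No File" is an orphan.
LOADPOINT_PREFIXES = ("BHO", "BHO-X64", "TB", "TB-X64", "uURLSearchHooks",
                      "Handler", "uRun", "mRun", "uRun-x64", "mRun-x64")


def _is_loopback_or_null(ip: str) -> bool:
    """True for 127.x / ::1 / 0.0.0.0, i.e. a hosts entry that blocks a name."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def triage_dds(text: str) -> dict:
    """Return hosts overrides, resolvers per scope and orphaned load points."""
    hosts, orphans, resolvers = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            # A loopback/null target sinkholes the name (a blocklist, or malware
            # blocking a security site); any other target redirects it.
            kind = "sinkholed" if _is_loopback_or_null(m["ip"]) else "redirected"
            hosts.append({"name": m["name"], "ip": m["ip"], "kind": kind})
        elif m := DNS_RE.match(line):
            scope = m["scope"] or "global"
            resolvers[scope] = m["servers"].split()
        elif line.endswith("- No File") and line.split(":", 1)[0] in LOADPOINT_PREFIXES:
            orphans.append(line)
    return {"hosts": hosts, "resolvers": resolvers, "orphans": orphans}


def unexpected_resolvers(resolvers: dict) -> list:
    """Resolvers on any interface that differ from the global DHCP-supplied ones.

    A laptop that has joined other networks will legitimately show extra
    entries; the point is to get the list to compare against the ISP's
    published DNS servers rather than to call them malicious outright.
    """
    baseline = set(resolvers.get("global", []))
    seen = set()
    for scope, servers in resolvers.items():
        if scope != "global":
            seen.update(s for s in servers if s not in baseline)
    return sorted(seen, key=ipaddress.ip_address)


def summarize(text: str) -> list:
    """Human-readable review items, one per line, for the analyst's reply."""
    r = triage_dds(text)
    items = [f"hosts override: {h['name']} -> {h['ip']} ({h['kind']})" for h in r["hosts"]]
    items += [f"orphaned load point: {o}" for o in r["orphans"]]
    for ip in unexpected_resolvers(r["resolvers"]):
        visibility = "private" if ipaddress.ip_address(ip).is_private else "public"
        items.append(f"extra resolver: {ip} ({visibility})")
    return items


if __name__ == "__main__":
    for item in summarize(SAMPLE_DDS):
        print(item)
```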

ken545
2012-01-10, 23:32

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR.




Most times when there are redirects there is a rootkit infection involved, let's check.


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click Save log, save it to your desktop and post it in your next reply.
http://public.avast.com/~gmerek/aswMBR2.png

shcorley
2012-01-11, 06:04
Thank you for responding.
Should I run this in safe mode or normal Windows mode?

shcorley
2012-01-11, 06:31
I tried to run it in both safe mode and normal mode, but the program wouldn't run. When started I got a "Do you want to allow the following program to make changes to this computer?" prompt. I clicked yes, then the pop-up disappeared and nothing happened. I clicked no and the same thing.

I have disabled the virus scan from Spybot (including TeaTimer), Avira and Anti-Malware.

-scott

shcorley
2012-01-11, 06:48
When I shut down, Windows just installed two updates. I didn't mean to have it do it, but it warned not to power off and I didn't notice a prompt allowing me to deny it before it started. Sorry if this makes things more difficult.

-scott

ken545
2012-01-11, 10:53
Good Morning Scott,


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

shcorley
2012-01-12, 02:46
Thank you, Ken.

Here are the ComboFix.txt results:

ComboFix 12-01-10.02 - Holly 01/11/2012 18:46:52.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2345 [GMT -5:00]
Running from: c:\users\Holly\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~D1HvKDMjQmwkVt
c:\programdata\~D1HvKDMjQmwkVtr
c:\programdata\D1HvKDMjQmwkVt
c:\users\Holly\~WRL0523.tmp
c:\users\Holly\~WRL3926.tmp
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 00:21 . 2012-01-12 00:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C2E6EC2-381A-4DCF-A98C-D5132342F8F4}\offreg.dll
2012-01-12 00:16 . 2012-01-12 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 04:13 . 2012-01-11 04:13 -------- d-----w- c:\program files (x86)\ERUNT
2012-01-10 15:40 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C2E6EC2-381A-4DCF-A98C-D5132342F8F4}\mpengine.dll
2012-01-07 00:26 . 2012-01-11 04:34 -------- d-----w- c:\users\Holly\AppData\Local\Diagnostics
2012-01-05 01:46 . 2012-01-05 02:10 -------- d-----w- c:\programdata\PC Tools
2012-01-02 21:12 . 2012-01-02 21:12 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\users\Holly\AppData\Local\adaware
2012-01-02 21:05 . 2012-01-11 04:25 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\adawaretb
2012-01-02 21:05 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\programdata\Lavasoft
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-31 01:34 . 2011-12-31 01:29 684297 ----a-w- C:\unhide.exe
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\users\Holly\AppData\Roaming\Malwarebytes
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 23:09 . 2010-09-14 02:12 363520 ----a-w- C:\scott kill.com
2011-12-30 23:08 . 2010-09-14 02:12 363520 ----a-w- C:\rkill.com
2011-12-27 02:58 . 2012-01-12 00:21 -------- d-----r- c:\users\Holly\Dropbox
2011-12-27 02:56 . 2012-01-12 00:21 -------- d-----w- c:\users\Holly\AppData\Roaming\Dropbox
2011-12-14 00:05 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 00:05 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 00:05 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 00:05 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 00:05 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 00:05 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 23:07 . 2011-05-28 01:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-27 110592]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-02 17152]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 22:59]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 22:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-01-11 19:42:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 00:41
.
Pre-Run: 267,814,797,312 bytes free
Post-Run: 267,687,251,968 bytes free
.
- - End Of File - - 317C894471D9140002C6E326609D71C6

ken545
2012-01-12, 03:10
Hi,

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.
OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

shcorley
2012-01-12, 03:55
Ken, here are the malware results....

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Holly :: HOLLY-PC [administrator]

1/11/2012 8:50:22 PM
mbam-log-2012-01-11 (20-50-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175914
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0

shcorley
2012-01-12, 04:05
OTL logfile created on: 1/11/2012 8:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Holly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.54% Memory free
7.92 Gb Paging File | 6.43 Gb Available in Paging File | 81.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.27 Gb Total Space | 249.43 Gb Free Space | 86.83% Space Free | Partition Type: NTFS

Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Holly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

shcorley
2012-01-12, 04:06
OTL Extras logfile created on: 1/11/2012 8:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Holly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.54% Memory free
7.92 Gb Paging File | 6.43 Gb Available in Paging File | 81.19% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.27 Gb Total Space | 249.43 Gb Free Space | 86.83% Space Free | Partition Type: NTFS

Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3384869757-1886810002-3943362877-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3384869757-1886810002-3943362877-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2012 6:44:39 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5369367

Error - 1/5/2012 6:44:55 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2012 6:44:55 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5384952

Error - 1/5/2012 6:44:55 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5384952

Error - 1/5/2012 6:45:11 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2012 6:45:11 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5400552

Error - 1/5/2012 6:45:11 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5400552

Error - 1/5/2012 6:45:26 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2012 6:45:26 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5416152

Error - 1/5/2012 6:45:26 PM | Computer Name = Holly-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5416152

[ System Events ]
Error - 11/11/2011 8:34:21 AM | Computer Name = Holly-PC | Source = DCOM | ID = 10010
Description =

Error - 11/15/2011 4:32:44 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/16/2011 9:27:28 PM | Computer Name = Holly-PC | Source = DCOM | ID = 10010
Description =

Error - 12/1/2011 1:37:42 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/2/2011 4:12:19 PM | Computer Name = Holly-PC | Source = DCOM | ID = 10010
Description =

Error - 12/2/2011 4:17:28 PM | Computer Name = Holly-PC | Source = DCOM | ID = 10010
Description =

Error - 12/2/2011 4:17:30 PM | Computer Name = Holly-PC | Source = DCOM | ID = 10010
Description =

Error - 12/8/2011 5:20:38 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the upnphost service.

Error - 12/10/2011 12:57:02 PM | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/10/2011 1:04:45 PM | Computer Name = Holly-PC | Source = DCOM | ID = 10010
Description =


< End of report >

ken545
2012-01-12, 11:13
Good morning. You posted the entire Extras log but only a small part of the original one, which I need to see; OTL.txt is the one I want.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.

shcorley
2012-01-12, 14:43
Good morning, Ken. Now that I look at the post I see I must have only grabbed the beginning of the OTL.txt file. I'll open it and re-paste it when I get home tonight.

-Scott

shcorley
2012-01-13, 01:37
OTL logfile created on: 1/11/2012 8:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Holly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.54% Memory free
7.92 Gb Paging File | 6.43 Gb Available in Paging File | 81.19% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.27 Gb Total Space | 249.43 Gb Free Space | 86.83% Space Free | Partition Type: NTFS

Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Holly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/?_bc=1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/10 12:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/27 17:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly\AppData\Roaming\Mozilla\Extensions
[2012/01/02 16:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\extensions
[2012/01/02 16:05:50 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/05/27 17:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/27 22:53:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/14 18:57:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/07 15:29:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/14 18:57:11 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/11 19:20:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{302245DC-2E29-41B5-9422-3D20B34F161D}: DhcpNameServer = 192.168.5.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/11 20:56:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
[2012/01/11 20:48:55 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/11 19:42:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/11 18:38:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/11 18:38:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/11 18:38:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/11 18:37:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/11 18:35:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/11 18:32:07 | 004,377,322 | R--- | C] (Swearware) -- C:\Users\Holly\Desktop\ComboFix.exe
[2012/01/10 23:13:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/10 23:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/10 23:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/06 19:26:59 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Diagnostics
[2012/01/04 21:52:54 | 000,000,000 | ---D | C] -- C:\Users\Holly\Desktop\scott's stuff
[2012/01/04 20:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/04 20:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/02 16:12:53 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/02 16:05:57 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\adaware
[2012/01/02 16:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/01/02 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/01/02 16:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/01/02 16:05:40 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/02 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/02 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/02 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/30 22:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/30 22:41:36 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Holly\Desktop\spybotsd162(2).exe
[2011/12/30 20:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/30 20:28:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Malwarebytes
[2011/12/30 20:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 20:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/30 20:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/26 21:58:00 | 000,000,000 | R--D | C] -- C:\Users\Holly\Dropbox
[2011/12/26 21:57:07 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/12/26 21:56:34 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Dropbox
[2011/12/17 09:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/14 15:17:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 15:17:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 15:17:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 15:17:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 15:17:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 15:17:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 15:17:09 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 15:17:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 15:17:08 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 15:17:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 15:17:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/13 19:05:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/13 19:05:25 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/13 19:05:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

========== Files - Modified Within 30 Days ==========

[2012/01/11 20:56:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
[2012/01/11 20:48:58 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 20:43:47 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/11 20:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 19:26:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 19:26:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 19:20:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/11 19:19:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/11 19:19:09 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/11 18:32:35 | 004,377,322 | R--- | M] (Swearware) -- C:\Users\Holly\Desktop\ComboFix.exe
[2012/01/10 23:46:59 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/10 23:46:59 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/10 23:46:59 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/07 19:10:48 | 000,000,000 | ---- | M] () -- C:\Users\Holly\AppData\Local\{47AB1DD2-BE55-4AEE-850A-E1445F1D92C7}
[2012/01/07 00:58:39 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/04 21:16:53 | 000,440,010 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120104-213414.backup
[2012/01/02 16:12:46 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/02 16:05:42 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/30 22:56:15 | 000,001,318 | ---- | M] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/30 22:56:15 | 000,001,294 | ---- | M] () -- C:\Users\Holly\Desktop\Spybot - Search & Destroy.lnk
[2011/12/30 22:43:17 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Holly\Desktop\spybotsd162(2).exe
[2011/12/30 20:29:10 | 000,684,297 | ---- | M] () -- C:\unhide.exe
[2011/12/30 20:16:07 | 000,011,882 | -HS- | M] () -- C:\Users\Holly\AppData\Local\t62f2qh120o2wr57270ydgu50mfu507bb6r5
[2011/12/30 20:16:07 | 000,011,882 | -HS- | M] () -- C:\ProgramData\t62f2qh120o2wr57270ydgu50mfu507bb6r5
[2011/12/27 19:26:54 | 000,000,260 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/26 21:58:00 | 000,001,043 | ---- | M] () -- C:\Users\Holly\Desktop\Dropbox.lnk
[2011/12/26 21:57:13 | 000,001,023 | ---- | M] () -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/26 21:39:55 | 082,885,256 | ---- | M] () -- C:\Users\Holly\Desktop\avira_free_antivirus_en.exe
[2011/12/22 10:00:37 | 000,025,543 | ---- | M] () -- C:\Users\Holly\Documents\barn.jpg
[2011/12/17 09:23:05 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/14 15:36:05 | 000,281,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/11 18:38:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/11 18:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/11 18:38:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/11 18:38:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/11 18:38:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/07 19:10:48 | 000,000,000 | ---- | C] () -- C:\Users\Holly\AppData\Local\{47AB1DD2-BE55-4AEE-850A-E1445F1D92C7}
[2012/01/02 16:05:42 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/30 22:44:44 | 000,001,318 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/30 22:44:44 | 000,001,294 | ---- | C] () -- C:\Users\Holly\Desktop\Spybot - Search & Destroy.lnk
[2011/12/30 20:36:33 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/30 20:36:33 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/30 20:36:33 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/12/30 20:36:33 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/30 20:36:33 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/30 20:36:33 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/30 20:36:33 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/30 20:36:28 | 000,002,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/12/30 20:36:28 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/12/30 20:36:26 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2011/12/30 20:36:26 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2011/12/30 20:36:26 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2011/12/30 20:36:26 | 000,002,633 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS.lnk
[2011/12/30 20:36:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/30 20:36:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/30 20:36:26 | 000,002,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk
[2011/12/30 20:36:26 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
[2011/12/30 20:36:26 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/12/30 20:36:26 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/30 20:36:26 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/12/30 20:36:26 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/30 20:36:26 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/30 20:36:26 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/30 20:36:26 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/30 20:36:26 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/30 20:36:26 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/30 20:34:13 | 000,684,297 | ---- | C] () -- C:\unhide.exe
[2011/12/30 20:28:18 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 20:11:45 | 000,011,882 | -HS- | C] () -- C:\Users\Holly\AppData\Local\t62f2qh120o2wr57270ydgu50mfu507bb6r5
[2011/12/30 20:11:45 | 000,011,882 | -HS- | C] () -- C:\ProgramData\t62f2qh120o2wr57270ydgu50mfu507bb6r5
[2011/12/30 18:09:04 | 000,363,520 | ---- | C] () -- C:\scott kill.com
[2011/12/30 18:08:41 | 000,363,520 | ---- | C] () -- C:\rkill.com
[2011/12/27 19:26:54 | 000,000,260 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/26 21:58:00 | 000,001,043 | ---- | C] () -- C:\Users\Holly\Desktop\Dropbox.lnk
[2011/12/26 21:57:13 | 000,001,023 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/26 21:31:11 | 082,885,256 | ---- | C] () -- C:\Users\Holly\Desktop\avira_free_antivirus_en.exe
[2011/12/22 10:00:36 | 000,025,543 | ---- | C] () -- C:\Users\Holly\Documents\barn.jpg
[2011/05/27 18:11:32 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011/05/27 18:02:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/27 18:00:27 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/22 15:08:37 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/05/22 15:08:37 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2011/05/22 15:08:37 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/05/22 15:08:36 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012/01/11 19:21:05 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Dropbox
[2011/10/16 12:03:43 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

ken545
2012-01-13, 02:01
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
[2012/01/04 21:16:53 | 000,440,010 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120104-213414.backup
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

shcorley
2012-01-13, 03:11
\All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\Windows\SysNative\drivers\etc\hosts.20120104-213414.backup moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Holly\Desktop\cmd.bat deleted successfully.
C:\Users\Holly\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Holly
->Temp folder emptied: 167771 bytes
->Temporary Internet Files folder emptied: 17951676 bytes
->Java cache emptied: 20649 bytes
->FireFox cache emptied: 54605165 bytes
->Flash cache emptied: 190610 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01122012_200240

Files\Folders moved on Reboot...
C:\Users\Holly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Holly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WR9L3DD\style-nurse[1].htc moved successfully.

Registry entries deleted on Reboot...

shcorley
2012-01-13, 03:21
OTL logfile created on: 1/12/2012 8:12:08 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Holly\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.55% Memory free
7.92 Gb Paging File | 6.34 Gb Available in Paging File | 80.09% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.27 Gb Total Space | 249.29 Gb Free Space | 86.78% Space Free | Partition Type: NTFS

Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Holly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/?_bc=1"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/10 12:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/27 17:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly\AppData\Roaming\Mozilla\Extensions
[2012/01/02 16:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\extensions
[2012/01/02 16:05:50 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/05/27 17:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/27 22:53:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/14 18:57:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/07 15:29:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/14 18:57:11 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/12 20:02:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3384869757-1886810002-3943362877-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{302245DC-2E29-41B5-9422-3D20B34F161D}: DhcpNameServer = 192.168.5.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 20:02:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/12 03:18:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/11 20:56:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
[2012/01/11 19:42:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/11 18:38:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/11 18:38:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/11 18:38:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/11 18:37:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/11 18:36:26 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 18:36:26 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 18:36:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 18:36:25 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 18:36:23 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 18:36:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 18:36:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/11 18:35:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/11 18:32:07 | 004,377,322 | R--- | C] (Swearware) -- C:\Users\Holly\Desktop\ComboFix.exe
[2012/01/10 23:13:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/10 23:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/10 23:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/01/06 19:26:59 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\Diagnostics
[2012/01/04 21:52:54 | 000,000,000 | ---D | C] -- C:\Users\Holly\Desktop\scott's stuff
[2012/01/04 20:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/04 20:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/02 16:12:53 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/02 16:05:57 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Local\adaware
[2012/01/02 16:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/01/02 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/01/02 16:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/01/02 16:05:40 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/02 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/02 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/01/02 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/30 22:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/30 22:41:36 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Holly\Desktop\spybotsd162(2).exe
[2011/12/30 20:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/12/30 20:28:32 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Malwarebytes
[2011/12/30 20:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 20:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/30 20:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/26 21:58:00 | 000,000,000 | R--D | C] -- C:\Users\Holly\Dropbox
[2011/12/26 21:57:07 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/12/26 21:56:34 | 000,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\Dropbox
[2011/12/17 09:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/14 15:17:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 15:17:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 15:17:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 15:17:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 15:17:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 15:17:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 15:17:09 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 15:17:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 15:17:08 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 15:17:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/14 15:17:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

========== Files - Modified Within 30 Days ==========

[2012/01/12 20:17:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 20:17:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 20:09:40 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 20:09:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 20:09:23 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 20:02:44 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/01/12 20:00:29 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/11 20:56:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
[2012/01/11 20:48:58 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 18:32:35 | 004,377,322 | R--- | M] (Swearware) -- C:\Users\Holly\Desktop\ComboFix.exe
[2012/01/10 23:46:59 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/10 23:46:59 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/10 23:46:59 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/07 19:10:48 | 000,000,000 | ---- | M] () -- C:\Users\Holly\AppData\Local\{47AB1DD2-BE55-4AEE-850A-E1445F1D92C7}
[2012/01/07 00:58:39 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/02 16:12:46 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/01/02 16:05:42 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/30 22:56:15 | 000,001,318 | ---- | M] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/30 22:56:15 | 000,001,294 | ---- | M] () -- C:\Users\Holly\Desktop\Spybot - Search & Destroy.lnk
[2011/12/30 22:43:17 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Holly\Desktop\spybotsd162(2).exe
[2011/12/30 20:29:10 | 000,684,297 | ---- | M] () -- C:\unhide.exe
[2011/12/30 20:16:07 | 000,011,882 | -HS- | M] () -- C:\Users\Holly\AppData\Local\t62f2qh120o2wr57270ydgu50mfu507bb6r5
[2011/12/30 20:16:07 | 000,011,882 | -HS- | M] () -- C:\ProgramData\t62f2qh120o2wr57270ydgu50mfu507bb6r5
[2011/12/27 19:26:54 | 000,000,260 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/26 21:58:00 | 000,001,043 | ---- | M] () -- C:\Users\Holly\Desktop\Dropbox.lnk
[2011/12/26 21:57:13 | 000,001,023 | ---- | M] () -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/26 21:39:55 | 082,885,256 | ---- | M] () -- C:\Users\Holly\Desktop\avira_free_antivirus_en.exe
[2011/12/22 10:00:37 | 000,025,543 | ---- | M] () -- C:\Users\Holly\Documents\barn.jpg
[2011/12/17 09:23:05 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/14 15:36:05 | 000,281,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/11 18:38:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/11 18:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/11 18:38:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/11 18:38:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/11 18:38:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/07 19:10:48 | 000,000,000 | ---- | C] () -- C:\Users\Holly\AppData\Local\{47AB1DD2-BE55-4AEE-850A-E1445F1D92C7}
[2012/01/02 16:05:42 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/30 22:44:44 | 000,001,318 | ---- | C] () -- C:\Users\Holly\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/30 22:44:44 | 000,001,294 | ---- | C] () -- C:\Users\Holly\Desktop\Spybot - Search & Destroy.lnk
[2011/12/30 20:36:33 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/30 20:36:33 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/30 20:36:33 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/12/30 20:36:33 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/30 20:36:33 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/30 20:36:33 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/30 20:36:33 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/30 20:36:28 | 000,002,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/12/30 20:36:28 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/12/30 20:36:26 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2011/12/30 20:36:26 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2011/12/30 20:36:26 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2011/12/30 20:36:26 | 000,002,633 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS.lnk
[2011/12/30 20:36:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/30 20:36:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/30 20:36:26 | 000,002,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk
[2011/12/30 20:36:26 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
[2011/12/30 20:36:26 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/12/30 20:36:26 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/30 20:36:26 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/12/30 20:36:26 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/30 20:36:26 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/30 20:36:26 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/30 20:36:26 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/30 20:36:26 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/30 20:36:26 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/30 20:34:13 | 000,684,297 | ---- | C] () -- C:\unhide.exe
[2011/12/30 20:28:18 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 20:11:45 | 000,011,882 | -HS- | C] () -- C:\Users\Holly\AppData\Local\t62f2qh120o2wr57270ydgu50mfu507bb6r5
[2011/12/30 20:11:45 | 000,011,882 | -HS- | C] () -- C:\ProgramData\t62f2qh120o2wr57270ydgu50mfu507bb6r5
[2011/12/30 18:09:04 | 000,363,520 | ---- | C] () -- C:\scott kill.com
[2011/12/30 18:08:41 | 000,363,520 | ---- | C] () -- C:\rkill.com
[2011/12/27 19:26:54 | 000,000,260 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/26 21:58:00 | 000,001,043 | ---- | C] () -- C:\Users\Holly\Desktop\Dropbox.lnk
[2011/12/26 21:57:13 | 000,001,023 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/12/26 21:31:11 | 082,885,256 | ---- | C] () -- C:\Users\Holly\Desktop\avira_free_antivirus_en.exe
[2011/12/22 10:00:36 | 000,025,543 | ---- | C] () -- C:\Users\Holly\Documents\barn.jpg
[2011/05/27 18:11:32 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011/05/27 18:02:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/27 18:00:27 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/22 15:08:37 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/05/22 15:08:37 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2011/05/22 15:08:37 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/05/22 15:08:36 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

ken545
2012-01-13, 13:22
Great

Part of the fix was removing a back up of your hosts file which was infected and in the process we replaced the current one with a new one.


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
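
The hosts-file point ken545 makes above (an infected hosts file replaced with a clean one), as an added example that is not part of the thread: a small Python check that parses a hosts file, or rebuilds one from the "O1 - Hosts:" lines of an OTL log like the one posted, and flags mappings that send well-known domains to an external address or sinkhole update/security hosts to loopback. The sample hosts content, the protected-domain list and the keyword list are constructed assumptions for this example, not anything from the thread or from OTL.

```python
import ipaddress

# Constructed sample hosts-file content (not from the thread). The two
# loopback lines match the clean file shown in the OTL log above; the other
# mappings are made-up examples of what a hijacked hosts file can contain.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.invalid      # blocklist style, harmless
203.0.113.45    www.google.com                   # constructed hijack example
203.0.113.45    search.yahoo.com                 # constructed hijack example
127.0.0.1       update.antivirus-vendor.invalid  # blocks updates, suspicious
"""

# Addresses that make a mapping a block rather than a redirect.
LOOPBACK_OR_NULL = {"127.0.0.1", "::1", "0.0.0.0"}

# Assumed lists for this example: domains nobody should override locally,
# and keywords that suggest a security/update host is being sinkholed.
PROTECTED_DOMAINS = ("google.com", "yahoo.com", "bing.com", "microsoft.com", "windowsupdate.com")
SECURITY_KEYWORDS = ("update", "antivirus", "avira", "malwarebytes", "kaspersky", "eset")

OTL_O1_PREFIX = "O1 - Hosts: "


def hosts_from_otl(log_text):
    """Rebuild hosts-file text from the 'O1 - Hosts:' lines of an OTL log."""
    lines = [l[len(OTL_O1_PREFIX):] for l in log_text.splitlines() if l.startswith(OTL_O1_PREFIX)]
    return "\n".join(lines)


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping; comments and blank lines are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line, not a mapping
        for host in fields[1:]:
            entries.append((line_no, ip, host.lower()))
    return entries


def _is_protected(host):
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def classify(ip, host):
    """Return a reason string if the mapping looks like a hijack, else None."""
    external = ip not in LOOPBACK_OR_NULL
    if host == "localhost" and not external:
        return None
    if external and _is_protected(host):
        return f"well-known domain {host} redirected to external address {ip}"
    if external:
        return f"{host} mapped to external address {ip}"
    if any(k in host for k in SECURITY_KEYWORDS):
        return f"security/update host {host} sinkholed to {ip}"
    return None


def find_suspicious(text):
    """Return [(line_no, ip, host, reason)] for every suspicious mapping."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        reason = classify(ip, host)
        if reason:
            findings.append((line_no, ip, host, reason))
    return findings


if __name__ == "__main__":
    for line_no, ip, host, reason in find_suspicious(SAMPLE_HOSTS):
        print(f"line {line_no}: {reason}")
```

Run against the two "O1 - Hosts:" lines in the OTL log above, the check reports nothing, which is what a freshly replaced hosts file should look like; a hosts file that still maps search engines or update servers anywhere but loopback is one of the things to look at when a browser keeps redirecting after the usual scanners come back clean.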

shcorley
2012-01-14, 07:01
There were no threats found, so no log file to create

ken545
2012-01-14, 12:47
:bigthumb:

How is your system behaving now ?

shcorley
2012-01-14, 16:17
it's still redirecting me

ken545
2012-01-14, 17:34
Hey,

Let's dig deeper


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Then try aswMBR again, even in safemode if needed


To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

shcorley
2012-01-14, 18:55
GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:54 on 14/01/2012 (Holly)
Firefox version 8.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [22:58 27/05/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:55 27/05/2011]

C:\Users\Holly\Application Data\Mozilla\Firefox\Profiles\7b5zwuw5.default\extensions\
{87934c42-161d-45bc-8cef-ef18abe2a30c} [21:05 02/01/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

shcorley
2012-01-14, 19:03
I ran Goored Fix in Safe mode (was that a mistake?)

Now i tried to run aswMBR and it doesn't appear to do anything.

When I go to talk manager the following processes are running:
csrss.exe
ctfmon.exe
explorer.exe
taskmgr.exe
winlogon.exe

The memory number for explorer keeps climbing. The others all stay the same.

-Scott

shcorley
2012-01-14, 19:03
sorry *task* manager

ken545
2012-01-14, 23:21
Run this program please

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

shcorley
2012-01-14, 23:47
this one does not run either.

ken545
2012-01-15, 00:56
Let's see if these will run

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Please copy and paste the report into your Post.

shcorley
2012-01-15, 05:04
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 152):
0x01C1F000 \SystemRoot\system32\ntoskrnl.exe
0x02208000 \SystemRoot\system32\hal.dll
0x00BBA000 \SystemRoot\system32\kdcom.dll
0x00CF9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D48000 \SystemRoot\system32\PSHED.dll
0x00D5C000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EC6000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F6A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F79000 \SystemRoot\system32\drivers\ACPI.sys
0x00FD0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FD9000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E00000 \SystemRoot\system32\drivers\pci.sys
0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys
0x0108C000 \SystemRoot\System32\drivers\volmgrx.sys
0x010E8000 \SystemRoot\System32\drivers\mountmgr.sys
0x01259000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01375000 \SystemRoot\system32\drivers\amdxata.sys
0x01380000 \SystemRoot\system32\drivers\fltmgr.sys
0x013CC000 \SystemRoot\system32\drivers\fileinfo.sys
0x013E0000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01413000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01102000 \SystemRoot\System32\Drivers\msrpc.sys
0x015B6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01160000 \SystemRoot\System32\Drivers\cng.sys
0x015D1000 \SystemRoot\System32\drivers\pcw.sys
0x015E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01611000 \SystemRoot\system32\drivers\ndis.sys
0x01704000 \SystemRoot\system32\drivers\NETIO.SYS
0x01764000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01862000 \SystemRoot\System32\drivers\tcpip.sys
0x01A66000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AB0000 \SystemRoot\system32\drivers\volsnap.sys
0x01B04000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B3E000 \SystemRoot\System32\Drivers\mup.sys
0x01B50000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B59000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B93000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BA9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02D56000 \SystemRoot\System32\Drivers\Null.SYS
0x02D5F000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D66000 \SystemRoot\System32\drivers\vga.sys
0x02D74000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D99000 \SystemRoot\System32\drivers\watchdog.sys
0x02DA9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02DB2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02DBD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02DCE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DF0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01000000 \SystemRoot\system32\drivers\afd.sys
0x01800000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02C00000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02C0B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0178F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01845000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02C14000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01200000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01BE7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x017B5000 \SystemRoot\System32\Drivers\dfsc.sys
0x017D3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01BF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02EBF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02F15000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02F26000 \SystemRoot\system32\drivers\HDAudBus.sys
0x032F5000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x0359D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x03200000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x03264000 \SystemRoot\system32\drivers\i8042prt.sys
0x03282000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x032CD000 \SystemRoot\system32\drivers\mouclass.sys
0x032DC000 \SystemRoot\system32\drivers\kbdclass.sys
0x035AA000 \SystemRoot\system32\drivers\cdrom.sys
0x035D4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x035E1000 \SystemRoot\system32\drivers\wmiacpi.sys
0x035EA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02F4A000 \SystemRoot\system32\drivers\CompositeBus.sys
0x02F5A000 \SystemRoot\system32\drivers\mssmbios.sys
0x02F65000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02F7B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02F9F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02FAB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02E00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02E21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02E3B000 \SystemRoot\system32\drivers\termdd.sys
0x035FB000 \SystemRoot\system32\drivers\swenum.sys
0x02E4F000 \SystemRoot\system32\drivers\ks.sys
0x02E92000 \SystemRoot\system32\drivers\umbus.sys
0x0307A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x030D4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x030E9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02C23000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x030F7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x0310A000 \SystemRoot\System32\drivers\Dxapi.sys
0x03116000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x03150000 \SystemRoot\System32\Drivers\USBD.SYS
0x00530000 \SystemRoot\System32\drivers\dxg.sys
0x00640000 \SystemRoot\System32\TSDDD.dll
0x00830000 \SystemRoot\System32\framebuf.dll
0x03152000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0316F000 \SystemRoot\system32\drivers\WudfPf.sys
0x03190000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x031E3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03000000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0301E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03036000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05E1D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05E6B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x76E40000 \Windows\System32\ntdll.dll
0x47740000 \Windows\System32\smss.exe
0xFF160000 \Windows\System32\apisetschema.dll
0xFF3C0000 \Windows\System32\autochk.exe
0xFF140000 \Windows\System32\nsi.dll
0xFF0A0000 \Windows\System32\msvcrt.dll
0xFF030000 \Windows\System32\gdi32.dll
0xFEF50000 \Windows\System32\advapi32.dll
0xFEED0000 \Windows\System32\difxapi.dll
0xFECF0000 \Windows\System32\setupapi.dll
0xFEC70000 \Windows\System32\shlwapi.dll
0xFEBD0000 \Windows\System32\comdlg32.dll
0x77010000 \Windows\System32\psapi.dll
0xFEB00000 \Windows\System32\usp10.dll
0xFEAD0000 \Windows\System32\imm32.dll
0xFE9A0000 \Windows\System32\rpcrt4.dll
0xFE8C0000 \Windows\System32\oleaut32.dll
0xFDB30000 \Windows\System32\shell32.dll
0x76CF0000 \Windows\System32\urlmon.dll
0xFD920000 \Windows\System32\ole32.dll
0xFD900000 \Windows\System32\sechost.dll
0xFD8A0000 \Windows\System32\Wldap32.dll
0xFD890000 \Windows\System32\lpk.dll
0x76BD0000 \Windows\System32\kernel32.dll
0xFD780000 \Windows\System32\msctf.dll
0x76AD0000 \Windows\System32\user32.dll
0xFD730000 \Windows\System32\ws2_32.dll
0xFD710000 \Windows\System32\imagehlp.dll
0x768C0000 \Windows\System32\iertutil.dll
0x77000000 \Windows\System32\normaliz.dll
0x76760000 \Windows\System32\wininet.dll
0xFD670000 \Windows\System32\clbcatq.dll
0xFD500000 \Windows\System32\crypt32.dll
0xFD460000 \Windows\System32\comctl32.dll
0xFD440000 \Windows\System32\devobj.dll
0xFD400000 \Windows\System32\wintrust.dll
0xFD3C0000 \Windows\System32\cfgmgr32.dll
0xFD350000 \Windows\System32\KernelBase.dll
0xFD340000 \Windows\System32\msasn1.dll

Processes (total 28):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
372 csrss.exe
420 C:\Windows\System32\wininit.exe
428 csrss.exe
488 C:\Windows\System32\services.exe
496 C:\Windows\System32\lsass.exe
504 C:\Windows\System32\lsm.exe
544 C:\Windows\System32\winlogon.exe
632 C:\Windows\System32\svchost.exe
708 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1136 C:\Windows\explorer.exe
1360 C:\Windows\System32\ctfmon.exe
1864 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1888 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1736 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1900 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1992 C:\Windows\System32\svchost.exe
1920 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1700 C:\Users\Holly\Desktop\MBRCheck.exe
1264 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`b4400000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3265GSX, Rev: GJ003D

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

shcorley
2012-01-15, 05:47
GMER found nothing and the log file is empty

ken545
2012-01-15, 15:12
Good Morning,

There are threats going around now that are infecting your Master Boot Record, and your MBRCheck log looks fine.


Are both browsers still being redirected, and if so, where to?


Try this other rootkit scanner.


Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth.
Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.


Note** You may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Then drag ComboFix to the trash and redownload a fresh, updated copy. Run it and post the log, please.



Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connections.

shcorley
2012-01-15, 16:17
Firefox redirects to:
63.209.69.107/search/web/Holly%20Corley/a21/empireppc-440-direc40/v5

When I searched my wife's name it was for a LinkedIn link, but went to the above instead.

Explorer is doing similar
gimmeanswers.org/search/v_q17/results.php?search=Holly%20Corley&aff=empireppc-440-direc40

is where it sends me.

I'll run the other programs after church today.

-scott

shcorley
2012-01-15, 16:19
I'm still running in safe mode. Should I do this in that manner or switch to normal windows?

I have stayed in safe mode since you asked me to a couple of posts ago.

ken545
2012-01-15, 18:00
Normal mode is fine if you can.

shcorley
2012-01-16, 00:52
Rootkit Unhooker won't run.

Here is the error log it generated:

Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF

I'll now try to run in Safe mode and see what happens

shcorley
2012-01-16, 00:58
It won't work in safe mode either.

Should I still run ComboFix? I'll wait for further instructions.

Thanks for your efforts, Ken.

-Scott

ken545
2012-01-16, 02:26
Go ahead and run ComboFix, Scott.

shcorley
2012-01-17, 03:42
ComboFix 12-01-16.04 - Holly 01/16/2012 19:39:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2547 [GMT -5:00]
Running from: c:\users\Holly\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 01:13 . 2012-01-17 01:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F54C6AC-72CB-4466-A742-69A90267151B}\offreg.dll
2012-01-17 01:08 . 2012-01-17 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-15 22:45 . 2012-01-15 22:56 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-01-15 03:00 . 2012-01-15 03:00 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-15 03:00 . 2012-01-15 03:00 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-15 03:00 . 2012-01-15 03:00 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-15 03:00 . 2012-01-15 03:00 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 03:28 . 2012-01-14 03:28 -------- d-----w- c:\program files (x86)\ESET
2012-01-13 19:38 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F54C6AC-72CB-4466-A742-69A90267151B}\mpengine.dll
2012-01-13 01:02 . 2012-01-13 01:02 -------- d-----w- C:\_OTL
2012-01-11 23:36 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 23:36 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 23:36 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 23:36 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 23:36 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 23:36 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 23:36 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 23:36 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 04:13 . 2012-01-11 04:13 -------- d-----w- c:\program files (x86)\ERUNT
2012-01-07 00:26 . 2012-01-11 04:34 -------- d-----w- c:\users\Holly\AppData\Local\Diagnostics
2012-01-05 01:46 . 2012-01-05 02:10 -------- d-----w- c:\programdata\PC Tools
2012-01-02 21:12 . 2012-01-02 21:12 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\users\Holly\AppData\Local\adaware
2012-01-02 21:05 . 2012-01-11 04:25 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\adawaretb
2012-01-02 21:05 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\programdata\Lavasoft
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-31 01:34 . 2011-12-31 01:29 684297 ----a-w- C:\unhide.exe
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\users\Holly\AppData\Roaming\Malwarebytes
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 01:28 . 2012-01-12 01:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 23:09 . 2010-09-14 02:12 363520 ----a-w- C:\scott kill.com
2011-12-30 23:08 . 2010-09-14 02:12 363520 ----a-w- C:\rkill.com
2011-12-27 02:58 . 2012-01-17 01:12 -------- d-----r- c:\users\Holly\Dropbox
2011-12-27 02:56 . 2012-01-17 01:12 -------- d-----w- c:\users\Holly\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-14 00:05 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 23:07 . 2011-05-28 01:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-14 00:05 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 00:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 20:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 20:17 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 20:17 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 20:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 20:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 20:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 20:17 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 20:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 00:05 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_00.21.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-12 00:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 00:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 00:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-28 11:50 . 2012-01-17 01:13 33944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-17 01:13 38808 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-01-13 01:08 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-12 08:11 . 2012-01-12 08:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2011-05-27 23:16 . 2012-01-17 01:13 9736 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3384869757-1886810002-3943362877-1001_UserData.bin
+ 2012-01-17 01:11 . 2012-01-17 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 00:19 . 2012-01-12 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 00:19 . 2012-01-12 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-17 01:11 . 2012-01-17 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 20:20 . 2012-01-14 16:52 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-06-30 20:20 . 2012-01-12 00:19 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-05-29 00:03 . 2012-01-14 16:19 232858 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-01-12 00:18 244568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-17 01:10 244568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-01 16:46 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-11 23:36 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
- 2009-07-14 04:45 . 2012-01-11 23:30 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-12 08:20 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-27 23:13 . 2012-01-17 01:10 2657632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3384869757-1886810002-3943362877-1001-8192.dat
+ 2012-01-12 08:11 . 2012-01-12 08:11 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-11 13:22 . 2012-01-12 08:01 54008112 c:\windows\system32\MRT.exe
+ 2012-01-12 08:10 . 2012-01-12 08:10 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-27 110592]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
R0 BlackBox;BlackBox SR2; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-02 17152]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 22:59]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 22:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-01-16 20:32:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 01:32
ComboFix2.txt 2012-01-12 00:42
.
Pre-Run: 264,804,761,600 bytes free
Post-Run: 264,548,384,768 bytes free
.
- - End Of File - - 3EE1782161C743A904DA2F8C9D1AAA63

ken545
2012-01-17, 04:39
I am not seeing any of that in your log.

Open IE and go to Tools > Manage Add Ons > Search Providers and see if gimmeanswers is in there and, if so, delete it.

Open FF and go to Tools > Add Ons > Extensions and do the same thing.

Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

shcorley
2012-01-17, 06:26
Neither IE nor FF had anything like gimmeanswers in the add-ons.

Here is the SuperAntiSpyware log, posted in 2 parts.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/16/2012 at 11:16 PM

Application Version : 5.0.1142

Core Rules Database Version : 8134
Trace Rules Database Version: 5946

Scan type : Complete Scan
Total Scan Time : 00:41:46

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 70004
Registry threats detected : 0
File items scanned : 46979
File threats detected : 713

Adware.Tracking Cookie
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\NYY50X9I.txt [ /indieclick.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\FT5SKT9W.txt [ /d.mediadakine.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\4G3W9B5H.txt [ /questionmarket.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\5OX73EZH.txt [ /accounts.google.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\8JFI0TYL.txt [ /pro-market.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\1QEQ1MRE.txt [ /bevelwise.rotator.hadj7.adjuggler.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\1V4ZG000.txt [ /content.yieldmanager.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\M78ZKDZE.txt [ /insightexpressai.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\3JY666ME.txt [ /mediatraffic.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\GNQ16LT3.txt [ /pointroll.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\LUQ32691.txt [ /ru4.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\SFAPFS7V.txt [ /boom-find.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\P3A5A14L.txt [ /miva.cinomedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\T5NXM8NI.txt [ /adserver.adtechus.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\FJPG9U0O.txt [ /awesome-find.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\ZP7DJO1M.txt [ /yieldmanager.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\DJS49S34.txt [ /findsimle.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\KDGVH0G5.txt [ /findesop.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\MB94D7FU.txt [ /malakmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\3NIKCGNY.txt [ /ox-d.fondnessmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\P45OOZV7.txt [ /www.findallofittoday.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\E0WPZ0Z1.txt [ /adserver2.eclickz.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\7IIMQWC5.txt [ /blog.chitika.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\OVSPVODL.txt [ /fromtofind.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\WC2B5NV2.txt [ /harrenmedianetwork.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\2SL80N1Z.txt [ /adtech.de ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\V5JDO7XX.txt [ /mm.chitika.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\2UKYXPJM.txt [ /a1.interclick.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\1OM3XYPQ.txt [ /tribalfusion.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\D90AFD6A.txt [ /adxpose.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\Q5TTR7F3.txt [ /clicks.thespecialsearch.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\6KJSUWW5.txt [ /bs.serving-sys.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\ATUC9XHH.txt [ /findology.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\V6547A7J.txt [ /mediaservices-d.openxenterprise.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\FQDCO5A8.txt [ /collective-media.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\S2VIEF7V.txt [ /findedclik.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\075JCVMP.txt [ /lokyfind.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\EOAUA6ND.txt [ /atwola.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\U0B9TC0V.txt [ /media.adfrontiers.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\578XV9XZ.txt [ /chitika.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\H028SG6Q.txt [ /media6degrees.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\7AX1AJMR.txt [ /ad.360yield.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\DA3SS0C4.txt [ /pennyfinder.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\AH7K3ZTG.txt [ /invitemedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\LSKVW1AR.txt [ /ad.yieldmanager.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\OSBCHY7L.txt [ /advertise.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\X2ZAJZ5Y.txt [ /lucidmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\V6HG4X7L.txt [ /at.atwola.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\3CXXQ188.txt [ /ads.adk2.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\SZ824DMP.txt [ /xml.trafficengine.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\FAY5BPK9.txt [ /banners.trafficengine.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\0UX3X5U5.txt [ /www.googleadservices.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\TTGCTU77.txt [ /revsci.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\FEENR2RH.txt [ /interclick.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\1V82UH8G.txt [ /weborama.fr ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\0W0HAMKX.txt [ /click.scour.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\2AUOC6SJ.txt [ /serving-sys.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\AAIPH3LD.txt [ /ads.pubmatic.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\HX2P4TS6.txt [ /adbrite.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\21WMB3QT.txt [ /realmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\91F8GYG3.txt [ /amazon-adsystem.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\2SY0Y9AI.txt [ /tacoda.at.atwola.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\6KZ5SG5H.txt [ /ads.pointroll.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\NUXKSEKT.txt [ /mifind.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\G8Y5ASQY.txt [ /server.cpmstar.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\CL8TOAHU.txt [ /imrworldwide.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\R4V5LZSS.txt [ /perfind.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\DH1UDJBR.txt [ /goclicker.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\1EU8D0BK.txt [ /optimize.indieclick.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\NKH8QFHZ.txt [ /cn.clickable.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\3JZAKRMM.txt [ /www.citygridmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\60S52ZWS.txt [ /klpfind.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\G27LL1G0.txt [ /test.sem-tracking-analytics.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\KWQ8MJ78.txt [ /www.networkadvertising.org ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\1D7YRP5A.txt [ /click.searchnation.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\HKP04TNR.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\KPAD0UL2.txt [ /intermundomedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\CM3QFECT.txt [ /mellfind.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\8PGVMZM0.txt [ /adfarm1.adition.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\DI375HAA.txt [ /ads.footar.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\LT319MGE.txt [ /buzz-media.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\ND212QID.txt [ /kontera.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\C3BACZ98.txt [ /network.realmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\6V2MR805.txt [ /insights.chitika.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\WJENJH9Q.txt [ /orange-advertising.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\TXRI0JCW.txt [ /dmfind.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\1Z41NNKV.txt [ /stat.onestat.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\QC3Z6WOL.txt [ /clickkick.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\VCFY93S6.txt [ /bizzclick.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\T3UMBGZ9.txt [ /adinterax.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\4KZNNNY9.txt [ /seek-media.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\JVOW2F09.txt [ /smashfind.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\MUFIB3HX.txt [ /fidelity.rotator.hadj7.adjuggler.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\TGOA2J1L.txt [ /akamai.interclickproxy.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\CLIFDGHT.txt [ /xml.mediality.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\VRXBHJ33.txt [ /trafficmp.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\UC2R7OQ7.txt [ /findstops.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\KI3KVY69.txt [ /xm.xtendmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\7PLH6QBC.txt [ /citygridmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\VYL6YB4H.txt [ /ar.atwola.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\OQQH8BS0.txt [ /ads.undertone.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\NI3LR42W.txt [ /clicks.freesearchbuddy.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\8BLMHUJL.txt [ /stevesmithmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\RW15CMW3.txt [ /ads.networldmedia.net ]
C:\USERS\HOLLY\AppData\Roaming\Microsoft\Windows\Cookies\SV07B70L.txt [ Cookie:holly@isourcecenter.com/click/ ]
C:\USERS\HOLLY\AppData\Roaming\Microsoft\Windows\Cookies\6MOLKWQV.txt [ Cookie:holly@indigo-search.com/click/ ]
C:\USERS\HOLLY\AppData\Roaming\Microsoft\Windows\Cookies\1UJGFWWI.txt [ Cookie:holly@seek-your.com/click/ ]
C:\USERS\HOLLY\AppData\Roaming\Microsoft\Windows\Cookies\Low\holly@pointroll[2].txt [ Cookie:holly@pointroll.com/ ]
C:\USERS\HOLLY\AppData\Roaming\Microsoft\Windows\Cookies\Low\holly@doubleclick[1].txt [ Cookie:holly@doubleclick.net/ ]
C:\USERS\HOLLY\AppData\Roaming\Microsoft\Windows\Cookies\Low\holly@ads.pointroll[1].txt [ Cookie:holly@ads.pointroll.com/ ]
C:\USERS\HOLLY\AppData\Roaming\Microsoft\Windows\Cookies\Low\MG06A7LG.txt [ Cookie:holly@imrworldwide.com/cgi-bin ]
C:\USERS\HOLLY\Cookies\NYY50X9I.txt [ Cookie:holly@indieclick.com/ ]
C:\USERS\HOLLY\Cookies\FT5SKT9W.txt [ Cookie:holly@d.mediadakine.com/ ]
C:\USERS\HOLLY\Cookies\4G3W9B5H.txt [ Cookie:holly@questionmarket.com/ ]
C:\USERS\HOLLY\Cookies\5OX73EZH.txt [ Cookie:holly@accounts.google.com/ ]
C:\USERS\HOLLY\Cookies\8JFI0TYL.txt [ Cookie:holly@pro-market.net/ ]
C:\USERS\HOLLY\Cookies\1QEQ1MRE.txt [ Cookie:holly@bevelwise.rotator.hadj7.adjuggler.net/ ]
C:\USERS\HOLLY\Cookies\1V4ZG000.txt [ Cookie:holly@content.yieldmanager.com/ ]
C:\USERS\HOLLY\Cookies\3JY666ME.txt [ Cookie:holly@mediatraffic.com/ ]
C:\USERS\HOLLY\Cookies\GNQ16LT3.txt [ Cookie:holly@pointroll.com/ ]
C:\USERS\HOLLY\Cookies\SFAPFS7V.txt [ Cookie:holly@boom-find.com/click/ ]
C:\USERS\HOLLY\Cookies\P3A5A14L.txt [ Cookie:holly@miva.cinomedia.com/ ]
C:\USERS\HOLLY\Cookies\T5NXM8NI.txt [ Cookie:holly@adserver.adtechus.com/ ]
C:\USERS\HOLLY\Cookies\FJPG9U0O.txt [ Cookie:holly@awesome-find.com/click/ ]
C:\USERS\HOLLY\Cookies\ZP7DJO1M.txt [ Cookie:holly@yieldmanager.net/ ]
C:\USERS\HOLLY\Cookies\DJS49S34.txt [ Cookie:holly@findsimle.com/ ]
C:\USERS\HOLLY\Cookies\KDGVH0G5.txt [ Cookie:holly@findesop.com/ ]
C:\USERS\HOLLY\Cookies\MB94D7FU.txt [ Cookie:holly@malakmedia.com/ ]
C:\USERS\HOLLY\Cookies\P45OOZV7.txt [ Cookie:holly@www.findallofittoday.com/ ]
C:\USERS\HOLLY\Cookies\E0WPZ0Z1.txt [ Cookie:holly@adserver2.eclickz.com/ ]
C:\USERS\HOLLY\Cookies\7IIMQWC5.txt [ Cookie:holly@blog.chitika.com/ ]
C:\USERS\HOLLY\Cookies\OVSPVODL.txt [ Cookie:holly@fromtofind.com/ ]
C:\USERS\HOLLY\Cookies\2SL80N1Z.txt [ Cookie:holly@adtech.de/ ]
C:\USERS\HOLLY\Cookies\V5JDO7XX.txt [ Cookie:holly@mm.chitika.net/ ]
C:\USERS\HOLLY\Cookies\2UKYXPJM.txt [ Cookie:holly@a1.interclick.com/ ]
C:\USERS\HOLLY\Cookies\D90AFD6A.txt [ Cookie:holly@adxpose.com/ ]
C:\USERS\HOLLY\Cookies\Q5TTR7F3.txt [ Cookie:holly@clicks.thespecialsearch.com/ ]
C:\USERS\HOLLY\Cookies\ATUC9XHH.txt [ Cookie:holly@findology.com/ ]
C:\USERS\HOLLY\Cookies\V6547A7J.txt [ Cookie:holly@mediaservices-d.openxenterprise.com/ ]
C:\USERS\HOLLY\Cookies\FQDCO5A8.txt [ Cookie:holly@collective-media.net/ ]
C:\USERS\HOLLY\Cookies\S2VIEF7V.txt [ Cookie:holly@findedclik.com/ ]
C:\USERS\HOLLY\Cookies\075JCVMP.txt [ Cookie:holly@lokyfind.com/ ]
C:\USERS\HOLLY\Cookies\EOAUA6ND.txt [ Cookie:holly@atwola.com/ ]
C:\USERS\HOLLY\Cookies\U0B9TC0V.txt [ Cookie:holly@media.adfrontiers.com/ ]
C:\USERS\HOLLY\Cookies\578XV9XZ.txt [ Cookie:holly@chitika.com/ ]
C:\USERS\HOLLY\Cookies\H028SG6Q.txt [ Cookie:holly@media6degrees.com/ ]
C:\USERS\HOLLY\Cookies\DA3SS0C4.txt [ Cookie:holly@pennyfinder.com/ ]
C:\USERS\HOLLY\Cookies\AH7K3ZTG.txt [ Cookie:holly@invitemedia.com/ ]
C:\USERS\HOLLY\Cookies\LSKVW1AR.txt [ Cookie:holly@ad.yieldmanager.com/ ]
C:\USERS\HOLLY\Cookies\OSBCHY7L.txt [ Cookie:holly@advertise.com/ ]
C:\USERS\HOLLY\Cookies\X2ZAJZ5Y.txt [ Cookie:holly@lucidmedia.com/ ]
C:\USERS\HOLLY\Cookies\V6HG4X7L.txt [ Cookie:holly@at.atwola.com/ ]
C:\USERS\HOLLY\Cookies\SV07B70L.txt [ Cookie:holly@isourcecenter.com/click/ ]
C:\USERS\HOLLY\Cookies\FAY5BPK9.txt [ Cookie:holly@banners.trafficengine.net/ ]
C:\USERS\HOLLY\Cookies\TTGCTU77.txt [ Cookie:holly@revsci.net/ ]
C:\USERS\HOLLY\Cookies\FEENR2RH.txt [ Cookie:holly@interclick.com/ ]
C:\USERS\HOLLY\Cookies\6MOLKWQV.txt [ Cookie:holly@indigo-search.com/click/ ]
C:\USERS\HOLLY\Cookies\1V82UH8G.txt [ Cookie:holly@weborama.fr/ ]
C:\USERS\HOLLY\Cookies\0W0HAMKX.txt [ Cookie:holly@click.scour.com/ ]
C:\USERS\HOLLY\Cookies\HX2P4TS6.txt [ Cookie:holly@adbrite.com/ ]
C:\USERS\HOLLY\Cookies\91F8GYG3.txt [ Cookie:holly@amazon-adsystem.com/ ]
C:\USERS\HOLLY\Cookies\2SY0Y9AI.txt [ Cookie:holly@tacoda.at.atwola.com/ ]
C:\USERS\HOLLY\Cookies\6KZ5SG5H.txt [ Cookie:holly@ads.pointroll.com/ ]
C:\USERS\HOLLY\Cookies\NUXKSEKT.txt [ Cookie:holly@mifind.net/ ]
C:\USERS\HOLLY\Cookies\G8Y5ASQY.txt [ Cookie:holly@server.cpmstar.com/ ]
C:\USERS\HOLLY\Cookies\CL8TOAHU.txt [ Cookie:holly@imrworldwide.com/cgi-bin ]
C:\USERS\HOLLY\Cookies\R4V5LZSS.txt [ Cookie:holly@perfind.net/ ]
C:\USERS\HOLLY\Cookies\DH1UDJBR.txt [ Cookie:holly@goclicker.com/ ]
C:\USERS\HOLLY\Cookies\1EU8D0BK.txt [ Cookie:holly@optimize.indieclick.com/ ]
C:\USERS\HOLLY\Cookies\NKH8QFHZ.txt [ Cookie:holly@cn.clickable.net/ ]

shcorley
2012-01-17, 06:27
Here is the rest.

C:\USERS\HOLLY\Cookies\60S52ZWS.txt [ Cookie:holly@klpfind.com/ ]
C:\USERS\HOLLY\Cookies\G27LL1G0.txt [ Cookie:holly@test.sem-tracking-analytics.com/test/ ]
C:\USERS\HOLLY\Cookies\1D7YRP5A.txt [ Cookie:holly@click.searchnation.net/ ]
C:\USERS\HOLLY\Cookies\HKP04TNR.txt [ Cookie:holly@ad2.adfarm1.adition.com/ ]
C:\USERS\HOLLY\Cookies\KPAD0UL2.txt [ Cookie:holly@intermundomedia.com/ ]
C:\USERS\HOLLY\Cookies\CM3QFECT.txt [ Cookie:holly@mellfind.com/ ]
C:\USERS\HOLLY\Cookies\8PGVMZM0.txt [ Cookie:holly@adfarm1.adition.com/ ]
C:\USERS\HOLLY\Cookies\LT319MGE.txt [ Cookie:holly@buzz-media.com/ ]
C:\USERS\HOLLY\Cookies\ND212QID.txt [ Cookie:holly@kontera.com/ ]
C:\USERS\HOLLY\Cookies\C3BACZ98.txt [ Cookie:holly@network.realmedia.com/ ]
C:\USERS\HOLLY\Cookies\6V2MR805.txt [ Cookie:holly@insights.chitika.com/ ]
C:\USERS\HOLLY\Cookies\WJENJH9Q.txt [ Cookie:holly@orange-advertising.com/ ]
C:\USERS\HOLLY\Cookies\1UJGFWWI.txt [ Cookie:holly@seek-your.com/click/ ]
C:\USERS\HOLLY\Cookies\1Z41NNKV.txt [ Cookie:holly@stat.onestat.com/ ]
C:\USERS\HOLLY\Cookies\QC3Z6WOL.txt [ Cookie:holly@clickkick.net/ ]
C:\USERS\HOLLY\Cookies\VCFY93S6.txt [ Cookie:holly@bizzclick.com/ ]
C:\USERS\HOLLY\Cookies\T3UMBGZ9.txt [ Cookie:holly@adinterax.com/ ]
C:\USERS\HOLLY\Cookies\4KZNNNY9.txt [ Cookie:holly@seek-media.com/click/ ]
C:\USERS\HOLLY\Cookies\CLIFDGHT.txt [ Cookie:holly@xml.mediality.com/ ]
C:\USERS\HOLLY\Cookies\VRXBHJ33.txt [ Cookie:holly@trafficmp.com/ ]
C:\USERS\HOLLY\Cookies\UC2R7OQ7.txt [ Cookie:holly@findstops.com/ ]
C:\USERS\HOLLY\Cookies\KI3KVY69.txt [ Cookie:holly@xm.xtendmedia.com/ ]
C:\USERS\HOLLY\Cookies\VYL6YB4H.txt [ Cookie:holly@ar.atwola.com/ ]
C:\USERS\HOLLY\Cookies\NI3LR42W.txt [ Cookie:holly@clicks.freesearchbuddy.com/ ]
C:\USERS\HOLLY\Cookies\8BLMHUJL.txt [ Cookie:holly@stevesmithmedia.com/ ]
C:\USERS\HOLLY\Cookies\RW15CMW3.txt [ Cookie:holly@ads.networldmedia.net/ ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\F6LZTXIQ.txt [ /pro-market.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\KO8A5ZL2.txt [ /clicksor.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\IBPA2TZN.txt [ /tribalfusion.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\6FMHT1L6.txt [ /myroitracking.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\FMB1ZCA4.txt [ /atwola.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\O6SUH43W.txt [ /media6degrees.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\E5LZ052G.txt [ /invitemedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\FW6B7L4A.txt [ /ad.yieldmanager.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\C5OAY97S.txt [ /lucidmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\YTUVTX1L.txt [ /at.atwola.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\E6R7W6MA.txt [ /revsci.net ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\OP6IDITF.txt [ /adbrite.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\RVM0W5N6.txt [ /tacoda.at.atwola.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\3KBBPDQ5.txt [ /ar.atwola.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\ZXXAEN0S.txt [ /ox-d.matchflowmedia.com ]
C:\Users\Holly\AppData\Roaming\Microsoft\Windows\Cookies\1JOQUOVO.txt [ /eyewonder.com ]
C:\USERS\HOLLY\Cookies\F6LZTXIQ.txt [ Cookie:holly@pro-market.net/ ]
C:\USERS\HOLLY\Cookies\KO8A5ZL2.txt [ Cookie:holly@clicksor.com/ ]
C:\USERS\HOLLY\Cookies\6FMHT1L6.txt [ Cookie:holly@myroitracking.com/ ]
C:\USERS\HOLLY\Cookies\FMB1ZCA4.txt [ Cookie:holly@atwola.com/ ]
C:\USERS\HOLLY\Cookies\O6SUH43W.txt [ Cookie:holly@media6degrees.com/ ]
C:\USERS\HOLLY\Cookies\E5LZ052G.txt [ Cookie:holly@invitemedia.com/ ]
C:\USERS\HOLLY\Cookies\FW6B7L4A.txt [ Cookie:holly@ad.yieldmanager.com/ ]
C:\USERS\HOLLY\Cookies\C5OAY97S.txt [ Cookie:holly@lucidmedia.com/ ]
C:\USERS\HOLLY\Cookies\YTUVTX1L.txt [ Cookie:holly@at.atwola.com/ ]
C:\USERS\HOLLY\Cookies\E6R7W6MA.txt [ Cookie:holly@revsci.net/ ]
C:\USERS\HOLLY\Cookies\OP6IDITF.txt [ Cookie:holly@adbrite.com/ ]
C:\USERS\HOLLY\Cookies\RVM0W5N6.txt [ Cookie:holly@tacoda.at.atwola.com/ ]
C:\USERS\HOLLY\Cookies\3KBBPDQ5.txt [ Cookie:holly@ar.atwola.com/ ]
C:\USERS\HOLLY\Cookies\ZXXAEN0S.txt [ Cookie:holly@ox-d.matchflowmedia.com/ ]
C:\USERS\HOLLY\Cookies\1JOQUOVO.txt [ Cookie:holly@eyewonder.com/ ]
.interclick.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
data.coremetrics.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.trafficmp.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
d.mediaforge.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.gsimedia.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.totalteenbeauty.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.totalteenbeauty.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.gsimedia.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
click.jve.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
www.finderlocator.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
www.goaltraffic.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
www.finderlocator.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.myroitracking.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
sales.liveperson.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.eset.122.2o7.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
bridge1.admarketplace.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.admarketplace.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.kaspersky.122.2o7.net [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]
.advertise.com [ C:\USERS\HOLLY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7B5ZWUW5.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Nullo[Micro]

ken545
2012-01-17, 11:30
Good Morning,

This is most likely related to a rootkit, and it's blocking most rootkit scanners from working. I have dealt with the possible rootkit that's causing this but don't see any markers in your log for it. I am going to have someone else take a peek. Most of what SuperAntiSpyware found were cookies.

In the meantime do this

Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

Then try both aswMBR and TDSSKiller again and see if they will run.

You will need to run the 64-bit version of SystemLook.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
gimmeanswers
:folderfind
gimmeanswers
:regfind
gimmeanswers

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

ken545
2012-01-17, 14:20
You can disregard the instructions for SystemLook.

You may have a hidden infected partition on your Master Boot Record; I would like you to run RootRepeal.

RootRepeal - Rootkit Detector

Download RootRepeal from the following location and save it to your desktop.

Link 1 (http://rootrepeal.googlepages.com/RootRepeal.zip)

Link 2 (http://ad13.geekstogo.com/RootRepeal.zip)

Link 3 (http://rootrepeal.psikotick.com/RootRepeal.zip)

Unzip it to your Desktop
Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Click the Scan button
In the Select Scan dialog, check:

Drivers

Click the OK button
Check the box for your main system drive (Usually C: ), and Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running

When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

shcorley
2012-01-18, 04:47
I get an error that says RootRepeal does not support 64-bit OSs and it won't run.

I couldn't run TDSS or aswMBR after running rkill either.

-scott

ken545
2012-01-18, 11:07
Good Morning Scott,

What's happening is that malware has installed a hidden partition in your Master Boot Record and set that partition as active, so every time you boot the computer the malware is activated; this is why your MBR looks fine when we ran some scans. This rootkit is preventing most removal programs from running. We're going to run a tool off of a thumb drive; if you don't have one you will need to purchase or borrow one, just a small inexpensive one is fine. This infection is fairly new and one of our malware fighters has written a program to deal with this. It's going to be a two part fix: first the tool will search for a hidden partition and then reset the clean partition as active; once that's done then we can remove the hidden one. Hope this makes sense to you.

Before we do that we need to get a copy of the MBR. Open MBRCheck, which you ran earlier, but this time select option one to dump the file; it will appear on your desktop as MBR.dat. Then zip it and attach it in your next reply.

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

shcorley
2012-01-19, 04:36
Ken, thanks for all the help.

I was not able to get to any options when I ran MBRCheck. It brought up a DOS window and all I could do was hit Enter when it was done.

Below is the file it created in case that helps.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 184):

Processes (total 73):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`b4400000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3265GSX, Rev: GJ003D

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ken545
2012-01-19, 10:54
Ok, try this other program then. You may want to print this out and keep it handy so you can follow the instructions.


xPUD

We will need a USB stick and access to an uninfected machine.

We need to prepare the USB stick. It is not absolutely essential that it is formatted, but it may help if it is:

Insert your USB drive into the uninfected machine.
Click on Start > My Computer > right click your USB drive > choose Format > Quick format.


Next

Download both http://sourceforge.net/projects/unetbootin/files/UNetbootin/Custom/unetbootin-xpud-windows-387.exe/download and http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of the uninfected machine.
Make sure you have the formatted USB stick in the uninfected system.
Double click on the unetbootin-xpud-windows-387.exe that you just downloaded.
Press Run and then OK.
Select the DiskImage option then click the browse button located on the right side of the textbox field.
Browse to and select the xpud-0.9.2.iso file you downloaded.
Verify the correct drive letter is selected for your USB device then click OK.
It will install a little bootable OS on your USB device
After it has completed do not choose to reboot the clean computer, simply close the installer.


Next

Use the clean computer to download dumpit from the following link: http://noahdfear.net/downloads/dumpit
Once dumpit is downloaded save it to the USB stick.


Next

Take the USB to the infected computer and boot with it.
The computer must be set to boot from the USB (as soon as BIOS is loaded tap F12 and choose to boot from the USB drive).
A Welcome to xPUD screen will appear.
Press File.
Expand mnt.
sda1,2...usually corresponds to your HDD.
sdb1 is likely your USB drive.
Click on the folder that represents your USB drive (sdb1 ?).
Confirm that you see dumpit that you downloaded there.
Double click on dumpit.
Once completed, a file called mbr.zip will be saved to the USB drive.
Take the USB drive back to the uninfected system and attach the mbr.zip in your next reply.



If you encounter any difficulties just let me know.

shcorley
2012-01-19, 17:06
Does the uninfected machine need to be on the same version of Windows? Infected is running Win 7. The uninfected is XP, but I can get to a Windows 7 machine if need be.

shcorley
2012-01-19, 18:00
Also when I click the link to go to dumpit I get a file of "code", not something to download. Do I cut and paste this somewhere? I don't see where I get something I can run.

shcorley
2012-01-19, 18:11
I was able to download dumpit using firefox instead of IE.

I did all this from an XP machine.

Please let me know if that is valid or if I need to use a WIN 7 machine instead.

-Scott

ken545
2012-01-19, 19:25
I think you're ok.

shcorley
2012-01-20, 05:43
I have attached the zip file

ken545
2012-01-20, 13:15
Ok Scott, thanks. Just hang on a bit and I am going to have one of our MBR experts check it to see if it's infected.

ken545
2012-01-20, 19:46
Scott,

Let's give TDSSKiller another shot. Drag the one on your desktop to the trash and download a clean new copy.

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

shcorley
2012-01-21, 02:04
Ken, this thing is getting worse. Couldn't run Firefox, IE or Chrome in regular mode. Tried in safe mode and all will run for about 30 seconds then tell me

Firefox has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

shcorley
2012-01-21, 02:05
*****couldn't run firefox

ken545
2012-01-21, 02:28
Scott, your Master Boot Record has been altered. Malware added a hidden partition and made it active; this is why you're having so many problems. Every time you boot your system it boots from the infected partition and the rootkit is active. This is what we need to do.


You will need a thumb drive or a CD to do this. You will need Firefox to download the files, as IE is messing them up.


Download tdl_fix.sh (http://noahdfear.net/downloads/tdl_fix.sh) and save it to the xPUD flash drive.
Boot into xPUD then click the File tab.
Press File
Expand mnt
Click on the folder under mnt that represents your USB drive (sdb1 ?)
You should see the tdl_fix.sh file in the main window.
Select Tool from the Menu
Choose Open Terminal
Type bash tdl_fix.sh then press Enter.
Read the warning then type y and press Enter to continue.
Type sda then press Enter when prompted.
You will be shown a list of partitions to choose marking active.
Type 2 then press Enter.
When you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter.
The script will complete and prompt you to reboot the computer.
Close the Terminal window and restart back into Windows.
Post the contents of the tdl_fix.txt file that was created on your flash drive and let me know how the computer is behaving.


Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.
This is a backup of the original MBR and will restore it to its current state.

shcorley
2012-01-21, 02:50
I downloaded the file from my other PC, then booted from the USB. When xPUD runs I go into mnt, but there are only sda1, sda2, sda3, sda4..... No sdb1 like there was last time in xPUD. It can't find the USB, yet it found it to boot from it.

shcorley
2012-01-21, 03:45
Got it to run, but then couldn't get Windows to reboot. Ran bash with the restore and now the computer is acting like before....Firefox starts, but then shuts down after 15 seconds or so.

Here is the tdl_fix.txt

2012-01-20-20:14:29

The following drives were found
sda
sdc
User has chosen drive sda
tdl_mbr_sda.bin exists
backing up mbr to tdl_mbr_sda.2012-01-20-20:14:31


Disk /dev/sda: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors
Units = sectors of 1 * 512 = 512 bytes

Device Boot Start End Blocks Id System
/dev/sda1 63 273104 136521 de Unknown
/dev/sda2 274432 22683647 11204608 7 HPFS/NTFS
/dev/sda3 22683648 625139711 301228032 7 HPFS/NTFS
/dev/sda4 * 625139712 625142431 1360 17 Hidden HPFS/NTFS

Model: ATA TOSHIBA MK3265GS (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 32.3kB 140MB 140MB primary fat16
2 141MB 11.6GB 11.5GB primary ntfs
3 11.6GB 320GB 308GB primary ntfs
4 320GB 320GB 1393kB primary ntfs boot, hidden


User has chosen to make partition 2 active

Model: ATA TOSHIBA MK3265GS (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 32.3kB 140MB 140MB primary fat16
2 141MB 11.6GB 11.5GB primary ntfs boot
3 11.6GB 320GB 308GB primary ntfs
4 320GB 320GB 1393kB primary ntfs hidden


User has accepted changes
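
The listing in the log above shows the pattern ken545 described: a 1393 kB partition of type 17 (Hidden HPFS/NTFS) at the very end of the disk, carrying the boot flag while the real Windows partition does not. What follows is an added example, not part of tdl_fix.sh or anything the helpers ran: a small Python check that parses an fdisk-style table like the one in tdl_fix.txt and reports an active partition that is of a hidden type, far too small to hold Windows, or parked in the last megabyte of the disk. The BEFORE string is a copy of the listing above; AFTER is a constructed listing of the same disk in the state the thread later reaches (partition 2 active, partition 4 gone); the two size thresholds are assumptions chosen for this illustration.

```python
"""Audit an fdisk partition listing for an active hidden partition.
Added example for this thread, not part of the tdl_fix.sh script."""
import re
from dataclasses import dataclass

# Copy of the listing in the tdl_fix.txt log posted above.
BEFORE = """\
Disk /dev/sda: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors
Units = sectors of 1 * 512 = 512 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1              63      273104      136521   de  Unknown
/dev/sda2          274432    22683647    11204608    7  HPFS/NTFS
/dev/sda3        22683648   625139711   301228032    7  HPFS/NTFS
/dev/sda4   *   625139712   625142431        1360   17  Hidden HPFS/NTFS
"""
# Constructed: the same disk after partition 2 was made active and
# partition 4 deleted, the end state the thread reaches.
AFTER = """\
Disk /dev/sda: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1              63      273104      136521   de  Unknown
/dev/sda2   *      274432    22683647    11204608    7  HPFS/NTFS
/dev/sda3        22683648   625139711   301228032    7  HPFS/NTFS
"""

# MBR type ids fdisk reports as "Hidden" FAT/NTFS partitions.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
TINY_SECTORS = 64 * 1024 * 2     # assumption: below 64 MiB nothing bootable into Windows fits
END_SLACK_SECTORS = 2048         # assumption: "at the disk end" means within 1 MiB of it
ROW = re.compile(r"^(/dev/\S+)\s+(\*?)\s*(\d+)\s+(\d+)\s+(\d+)\+?\s+([0-9a-fA-F]{1,2})\s+(.*)$")


@dataclass
class Partition:
    device: str
    boot: bool
    start: int
    end: int
    type_id: int
    system: str

    @property
    def sectors(self):
        return self.end - self.start + 1


def parse_fdisk(text):
    """Return (total_sectors, [Partition]) from fdisk -l style output."""
    total, parts = None, []
    for line in text.splitlines():
        m = re.search(r"total (\d+) sectors", line)
        if m:
            total = int(m.group(1))
            continue
        m = ROW.match(line.strip())
        if m:
            dev, flag, start, end, _blocks, tid, system = m.groups()
            parts.append(Partition(dev, flag == "*", int(start), int(end),
                                   int(tid, 16), system.strip()))
    return total, parts


def audit(total_sectors, parts):
    """Why the active partition looks like a bootkit partition; empty when clean."""
    findings = []
    for p in parts:
        if not p.boot:
            continue
        reasons = []
        if p.type_id in HIDDEN_TYPES:
            reasons.append("hidden-type")
        if p.sectors < TINY_SECTORS:
            reasons.append("tiny")
        if total_sectors is not None and total_sectors - p.end - 1 < END_SLACK_SECTORS:
            reasons.append("at-disk-end")
        if reasons:
            findings.append((p.device, reasons))
    return findings


if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        total, parts = parse_fdisk(listing)
        print(label, audit(total, parts) or "no findings")
```

On the BEFORE listing the check reports /dev/sda4 with all three reasons (2720 sectors, which is the 1393 kB parted shows, ending 16 sectors before the disk end); on AFTER it reports nothing. The check says nothing about which partition should be active instead; that still takes the BCD store or a look at where bootmgr lives, as the thread goes on to do.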

ken545
2012-01-21, 04:47
Hang on a bit, let me check into this. I am so glad that you're able to follow the instructions. I am helping you and you're helping me :)

ken545
2012-01-21, 13:03
When you set Partition 2 as active, were there any error messages? Did the computer attempt to go into a repair/restore mode?

I need you to take a screenshot of the partition. Don't feel bad, we have some other users with the same problem.


Click Start > Control Panel > Administrative Tools > Computer Management
When Computer Management opens double click on disk management
make sure the pane is expanded wide enough to show all partitions
Take a screenshot by pressing the alt and print screen keys at the same time
open an editor such as Paint
right click in the white panel and click paste
save the image as a .jpg or .png
attach it to your next reply

shcorley
2012-01-21, 21:46
Ken,

Yes it did try to repair. I said no to going back to a previous restore point, then rebooted and ran the xpud program using the -restore feature.

I am having to bounce back and forth as I still can't get to the internet through the infected computer.

I did do the screen print (attached) and put it on a flash drive. Do I need to worry about bringing the virus to this machine from the infected one through the use of the flash drive?

ken545
2012-01-21, 22:08
Thanks, we are looking over your screenshot now

ken545
2012-01-22, 03:05
Looks like there is no hidden partition but malware has adjusted your boot options. I hope you can follow this; you're doing real well so far.


Go back in with xPUD and set partition 2 as active. When you reboot, press F10 to bring up the 'Edit Boot Options' screen. If you press it too early you might get the BIOS screen instead.

If it says /minint or int/min after /NOEXECUTE=OPTIN,

hit the Backspace key until that entry reads:

/NOEXECUTE=OPTIN



If you can get windows to load:
click start
type cmd into the search box
right click on cmd that appears at the top and click Run as administrator
type bcdedit /enum all >%userprofile%\desktop\log.log

(there is a space after bcdedit, one after enum and one after all)
hit enter
When it's finished a notepad named log.log will be on the desktop.

Post the log, if you shut the computer down you will most likely need to edit the boot option again.




http://www.techsupportforum.com/forums/f100/search-results-being-redirected-622128-2.html
Similar problem here; it includes a screenshot of Edit Boot Options so you can get an idea of what we're doing. The screenshot is in post 25, but remember we are setting Partition 2 as active, not 1.

shcorley
2012-01-22, 21:39
Things seem to be looking UP. I was able to run TDL_fix.sh to switch to partition 2, then run the /noexecute=optin command on reboot.

I am also now able to open and post from Firefox on the infected computer!

Here is the log file


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {ff197ea8-84ae-11e0-b7dc-001aa075c955}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {ff197eaa-84ae-11e0-b7dc-001aa075c955}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {ff197ea8-84ae-11e0-b7dc-001aa075c955}
nx OptIn

Windows Boot Loader
-------------------
identifier {ff197eaa-84ae-11e0-b7dc-001aa075c955}
device ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{ff197eab-84ae-11e0-b7dc-001aa075c955}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{ff197eab-84ae-11e0-b7dc-001aa075c955}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {ff197ea8-84ae-11e0-b7dc-001aa075c955}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
custom:26000022 Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ff197eab-84ae-11e0-b7dc-001aa075c955}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume2
ramdisksdipath \Recovery\WindowsRE\boot.sdi

ken545
2012-01-22, 22:44
Darn, you're good :bigthumb:

This is the malware

EMS Settings
------------
identifier {emssettings}
custom:26000022 Yes


I want someone else to look at it as it's a very delicate removal. Be right back.
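
For anyone reading this later and wondering how to tell a line like "custom:26000022 Yes" apart from the rest of a BCD dump, here is an added example; it is not something ken545 or the people helping him ran. It parses the `bcdedit /enum all` output Scott posted, lists every element bcdedit could not name (anything shown as custom:XXXXXXXX), decodes the element type word into class, value format and subtype, and follows the inherit chain so you can see which boot entries actually pick the setting up. Two facts about BCD that the thread does not state, and that are mine rather than the thread's: {emssettings} is bcdedit's alias for the GUID {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}, which is how the removal command in the next reply addresses it; and the application-class boolean with subtype 0x22 is the element bcdedit prints as "winpe" when it sits in a boot loader entry (it appears under that name in the Windows Recovery Environment entry of the same dump), which a plain settings object has no business carrying. SAMPLE is a constructed excerpt of Scott's log; WELL_KNOWN and APP_BOOL_NAMES are small lookup tables I supplied.

```python
"""Audit `bcdedit /enum all` output for elements bcdedit cannot name.
Added example for this thread, not a tool its helpers used."""
import re

# Constructed excerpt of the log posted above (values copied from the thread).
SAMPLE = """\
Windows Boot Loader
-------------------
identifier              {current}
inherit                 {bootloadersettings}

EMS Settings
------------
identifier              {emssettings}
custom:26000022         Yes

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
"""
# Well-known GUIDs behind the aliases bcdedit prints; {emssettings} is the
# object the /deletevalue command in the next reply addresses by GUID.
WELL_KNOWN = {"{emssettings}": "{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}",
              "{globalsettings}": "{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}",
              "{bootloadersettings}": "{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}"}
# Element type word: bits 31-28 class, 27-24 value format, 23-0 subtype.
CLASSES = {1: "library", 2: "application", 3: "device"}
FORMATS = {1: "device", 2: "string", 3: "object", 4: "object list",
           5: "integer", 6: "boolean", 7: "integer list"}
APP_BOOL_NAMES = {0x22: "winpe"}   # printed as "winpe" inside a loader entry
RULE = re.compile(r"-{3,}")


def parse_bcd(text):
    """Split bcdedit output into [{'title': ..., 'elements': {key: value}}]."""
    lines, objects, current, last_key = text.splitlines(), [], None, None
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            current = last_key = None
            continue
        if i + 1 < len(lines) and RULE.fullmatch(lines[i + 1].strip()):
            current, last_key = {"title": line, "elements": {}}, None   # heading
            objects.append(current)
            continue
        if RULE.fullmatch(line) or current is None:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            current["elements"][parts[0]] = parts[1]
            last_key = parts[0]
        elif last_key:                       # wrapped value of a list element
            current["elements"][last_key] += " " + parts[0]
    return objects


def decode_element_type(hex_code):
    """(class, format, subtype) for the hex digits in custom:XXXXXXXX."""
    v = int(hex_code, 16)
    return CLASSES.get(v >> 28, "unknown"), FORMATS.get((v >> 24) & 0xF, "unknown"), v & 0xFFFFFF


def find_custom_elements(objects):
    """Every element bcdedit could not name, with its decoded type."""
    out = []
    for obj in objects:
        for key, value in obj["elements"].items():
            m = re.fullmatch(r"custom:([0-9a-fA-F]{8})", key)
            if not m:
                continue
            cls, fmt, sub = decode_element_type(m.group(1))
            name = APP_BOOL_NAMES.get(sub) if (cls, fmt) == ("application", "boolean") else None
            out.append({"object": obj["elements"].get("identifier", "?"), "element": key,
                        "value": value, "class": cls, "format": fmt,
                        "subtype": sub, "loader_name": name})
    return out


def inheritors(objects, target):
    """Identifiers that pull `target` in through their inherit chain."""
    chain = {o["elements"].get("identifier"): o["elements"].get("inherit", "").split()
             for o in objects}
    found, changed = set(), True
    while changed:
        changed = False
        for ident, parents in chain.items():
            if ident not in found and (target in parents or any(p in found for p in parents)):
                found.add(ident)
                changed = True
    return sorted(found)


def removal_command(finding):
    """bcdedit command that removes the element, addressing the object by GUID."""
    return f"bcdedit /deletevalue {WELL_KNOWN.get(finding['object'], finding['object'])} {finding['element']}"
```

Run on SAMPLE, find_custom_elements reports one hit in {emssettings}: an application-class boolean, subtype 0x22, which in a loader entry would read "winpe". inheritors shows that {globalsettings}, {bootloadersettings} and {current} all inherit it, so a setting planted in the EMS object reaches the Windows 7 loader. removal_command produces the same /deletevalue line the thread uses in the next reply; the follow-up "bootems Yes" step there is a manual decision and is not generated here.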

ken545
2012-01-23, 01:30
What we're going to do is remove the malware entry and then reset the value back to default. It's important that this is run from an Elevated Command Prompt, not just the command prompt.

This is the way to do it.

1. Click the Start button .
2. In the Search box, type command prompt.
3. In the list of results, right-click Command Prompt, and then click Run as administrator.

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Then enter these one at a time (you may be able to copy and paste). After you do the first one press Enter to execute.

bcdedit /deletevalue {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9} custom:26000022

Then go to the Elevated Command Prompt again and insert this second one

bcdedit /set {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9} bootems Yes



Exit the command prompt, reboot and let me know how things are running

shcorley
2012-01-23, 02:54
WWWOOOOHOOOOO.......!!!!!

I am not getting redirected in FF nor IE......I think you got it!

-Scott

ken545
2012-01-23, 03:19
That's wonderful Scott. I had a few people behind the scenes lend a hand.

Go ahead and run the instructions again for the screenshot of Disk Management

shcorley
2012-01-23, 03:29
Ken, here is the latest DDS


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Holly at 20:25:05 on 2012-01-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2668 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Holly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.5.1
TCP: Interfaces\{302245DC-2E29-41B5-9422-3D20B34F161D} : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{302245DC-2E29-41B5-9422-3D20B34F161D}\D4F445F425F4C414D23344236354 : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2011-5-22 89600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-29 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-29 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-29 1153368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-2 17152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-27 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-27 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-22 19:37:04 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10B18553-1B04-461B-90CC-E2370AB6A41E}\mpengine.dll
2012-01-17 03:31:56 -------- d-----w- C:\Users\Holly\AppData\Roaming\SUPERAntiSpyware.com
2012-01-17 03:31:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-17 03:31:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-17 01:45:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-17 00:33:06 -------- d-----w- C:\ComboFix
2012-01-15 22:45:13 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2012-01-15 03:00:23 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-15 03:00:23 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-15 03:00:23 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-15 03:00:23 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 03:28:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-13 01:02:40 -------- d-----w- C:\_OTL
2012-01-11 23:38:45 98816 ----a-w- C:\Windows\sed.exe
2012-01-11 23:38:45 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-11 23:38:45 256000 ----a-w- C:\Windows\PEV.exe
2012-01-11 23:38:45 208896 ----a-w- C:\Windows\MBR.exe
2012-01-11 23:36:26 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 23:36:26 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 23:36:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 23:36:25 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 23:36:23 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 23:36:23 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 23:36:21 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 23:36:21 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-07 00:26:59 -------- d-----w- C:\Users\Holly\AppData\Local\Diagnostics
2012-01-05 01:46:36 -------- d-----w- C:\ProgramData\PC Tools
2012-01-02 21:12:53 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-01-02 21:05:57 -------- d-----w- C:\Users\Holly\AppData\Local\adaware
2012-01-02 21:05:55 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-01-02 21:05:51 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-01-02 21:05:48 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-01-02 21:05:40 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-01-02 21:05:32 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-12-31 01:34:13 684297 ----a-w- C:\unhide.exe
2011-12-31 01:28:32 -------- d-----w- C:\Users\Holly\AppData\Roaming\Malwarebytes
2011-12-31 01:28:16 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-31 01:28:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-30 23:09:04 363520 ----a-w- C:\scott kill.com
2011-12-30 23:08:41 363520 ----a-w- C:\rkill.com
2011-12-27 02:58:00 -------- d-----r- C:\Users\Holly\Dropbox
2011-12-27 02:56:34 -------- d-----w- C:\Users\Holly\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-16 23:07:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 20:25:56.08 ===============

ken545
2012-01-23, 03:35
Ok, we must have crossed posts as I changed my instructions, but looking it over the DDS is fine. Go ahead and post another screenshot from Disk Management.

shcorley
2012-01-23, 03:37
Not sure why I just did DDS....not reading well I guess. The screen shot is attached.

shcorley
2012-01-23, 03:39
Now I feel better. I swore I read DDS, then when I looked at the post again it wasn't there. I'm not losing it :-)

ken545
2012-01-23, 04:48
One more fix to go. We need to use xPUD again, and this time it will search for the hidden partition and delete it.



Boot into xPUD then click the File tab.
Press File
Expand mnt
Click on the folder under mnt that represents your USB drive (sdb1 ?)
You should see the tdl_fix.sh file in the main window.
Select Tool from the Menu
Choose Open Terminal
Type bash tdl_fix.sh -delete then press Enter.
** Make sure to leave a space to either side of tdl_fix.sh in the command.
You should be notified of a hidden partition found and prompted to delete it.
Type y then press Enter.
The script will complete and prompt you to reboot the computer.
Close the Terminal window and restart back into Windows.
Post the contents of the tdl_delete.txt file that was created on your flash drive.


Note - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.
This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
Ok the procedure then restart when complete.
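A small check in the spirit of the -delete step above, added here as an example; it is not part of tdl_fix.sh, xPUD or this thread. It reads a parted-style partition listing (the sample below is constructed to mirror the format tdl_delete.txt produces) and reports every partition that carries the hidden flag, which is the condition the script's delete step acts on. The partition number, size and flag values in the sample are made up for illustration.

```shell
#!/bin/sh
# Added example, not code from tdl_fix.sh or the thread: scan a parted
# "print"-style listing for partitions flagged hidden.

# Constructed sample listing; layout mirrors the tdl_delete.txt format,
# disk model and sizes are placeholders.
SAMPLE_TABLE='Model: ATA EXAMPLE-DISK (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 32.3kB 140MB 140MB primary fat16
2 141MB 11.6GB 11.5GB primary ntfs boot
3 11.6GB 320GB 308GB primary ntfs
4 320GB 320GB 1393kB primary ntfs hidden
'

# find_hidden_partitions: reads a parted listing on stdin and prints
# "<number> <size>" for each table row whose flag column contains
# "hidden". parted may list several flags as "boot, hidden", so a
# trailing comma is tolerated. Exit status 0 if any were found, else 1.
find_hidden_partitions() {
    awk '
        # Table rows start with the partition number; header lines do not.
        /^[0-9]+ / {
            for (i = 5; i <= NF; i++) {
                if ($i ~ /^hidden,?$/) { print $1, $4; found = 1 }
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# count_hidden_partitions: convenience wrapper taking the listing as a
# string and returning the number of hidden partitions on stdout.
count_hidden_partitions() {
    printf '%s\n' "$1" | find_hidden_partitions | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample.
if [ "$(count_hidden_partitions "$SAMPLE_TABLE")" -gt 0 ]; then
    echo "Hidden partition(s) found:"
    printf '%s\n' "$SAMPLE_TABLE" | find_hidden_partitions
else
    echo "No hidden partition in listing"
fi
```

On a real machine the listing would come from parted itself (for example `parted -s /dev/sda print`) rather than from the embedded sample. A hidden flag on its own is only an indicator: some OEM recovery partitions are legitimately hidden, so a hit is worth reviewing alongside its size and position (the thread's case was a tiny partition at the very end of the disk) before anything is deleted.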

shcorley
2012-01-23, 05:26
Here is the delete.txt results

2012-01-22-22:22:21

using tdl_delete_sda.bin

Model: ATA TOSHIBA MK3265GS (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 32.3kB 140MB 140MB primary fat16
2 141MB 11.6GB 11.5GB primary ntfs boot
3 11.6GB 320GB 308GB primary ntfs
4 320GB 320GB 1393kB primary ntfs hidden

Hidden partition found on sda
sda4 is hidden
Deleting partition 4 on drive sda

Model: ATA TOSHIBA MK3265GS (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 32.3kB 140MB 140MB primary fat16
2 141MB 11.6GB 11.5GB primary ntfs boot
3 11.6GB 320GB 308GB primary ntfs

No hidden partition on sdc

ken545
2012-01-23, 10:37
All looks well, booting up alright, no problems ?


Scott, can you do me a favor and post another screenshot of Disk Management? I just want to compare it to the old one so I know what to look for in future threads.

You need to update your Java. Go into the Control Panel and open Java, go to the Update tab and have it check for updates, then download and install the latest update, which is Version 6 Update 29. Once it installs you can go back into Programs and Features in the Control Panel and uninstall any previous versions.

shcorley
2012-01-24, 02:35
Ken, attached is the screen shot. I've been getting messages to update Java, but haven't while you were doing your thing. I will now.

Do we need to delete any of the programs we downloaded during the fix?

ken545
2012-01-24, 02:42
Yep, that hidden infected partition is gone :bigthumb: Glad things are back to normal and we could help you




Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep, and will not be removed.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

shcorley
2012-01-24, 04:42
Ken, I can't thank you enough! I really appreciate all the help. I've supported with a donation and will continue to use Spybot.

Thanks for what you do!

-Scott

ken545
2012-01-24, 11:16
You're very welcome Scott

Take care,

Ken :)

ken545
2012-01-28, 13:55
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.