View Full Version : Can't get rid of ad.yieldmanager.com
courtneymc
2012-03-10, 21:14
Every time I scan my computer with spybot sd it finds this ad.yieldmanager.com
It says it removes it, but it finds again, even if I haven't done anything but immediately rescan- so it's not really gone.
Here is my DDS file. Thank you very much! I have the attach.txt file attached as well.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Courtney at 14:50:56 on 2012-03-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1511 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Courtney\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{31B524DF-D674-4340-949D-574B089D02EE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{31B524DF-D674-4340-949D-574B089D02EE}\0534B4D484F6D656 : DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
TCP: Interfaces\{31B524DF-D674-4340-949D-574B089D02EE}\75942554C454353513 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3DC90021-B8C9-42BC-B7FB-B45A8BA8812E} : DhcpNameServer = 65.32.5.111 65.32.5.112
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\yfvqc6wy.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-7-2 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-6-20 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-11-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-15 138360]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-2 17152]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MosIrUsb;MosIrUsb.sys;C:\Windows\system32\DRIVERS\MosIrUsb.sys --> C:\Windows\system32\DRIVERS\MosIrUsb.sys [?]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-06 17:57:30 -------- d-----w- C:\Users\Courtney\AppData\Local\52DA4B3F-6A18-4801-84B4-86F0D4A97B7D.aplzod
2012-03-01 21:14:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4266B430-A564-4B73-B4CF-E1D6E2EB19AD}\offreg.dll
2012-02-25 23:39:05 -------- d-----w- C:\Users\Courtney\AppData\Roaming\.minecraft
2012-02-15 15:13:56 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 15:13:56 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 15:13:53 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 15:13:53 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 15:13:42 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 15:13:40 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 15:13:36 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 15:13:36 634880 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-06 20:54:39 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 21:24:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:52:08.62 ===============
:welcome:
Sorry for the delay. yieldmanager is not a virus or anything to be alarmed about, its a tracking cookie that monitors sites you visit.
Open Internet Explorer and go to Tools> Internet Options> Privacy Tab > Sites and add ad.yieldmanager.com to the list of blocked sites
Is this a company computer ?
courtneymc
2012-03-18, 13:06
Hi,
I use firefox, is there something similar to do for Firefox too? Once I do that, will it stop 'finding' it every time I scan or will it always be there, just blocked?
No, it's a personal computer, not a work one.
Thanks!
You can try this and add yealdmanager to block
Tools>Options>Content> select "Block pop-up windows
While your here, run this program, its the free version
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
courtneymc
2012-03-18, 15:45
Hi,
attaching the log- but it didn't find anything. Also, I already had yieldmanager blocked on both firefox and IE, I was on a different computer when I replied before, and popups were blocked.
So maybe it's just there, but not doing anything, and not possible to remove it??
thanks,
Well, Like I said, its not malicious, just a tracking cookie and the only thing you can do is try to block them
For Internet Explorer: Tools > Internet Options > Privacy > Sites: type in yieldmanager.com > Block.
For Firefox: Tools > Options > Privacy > Use custom settings for history > Exceptions > Address of web sites: type in yieldmanager.com > Block.
Malwarebytes looks fine, it appears your system is ok. Are you having any issues related to browser redirects ?
courtneymc
2012-03-18, 17:57
No, no problems with redirects. Like I said, the stuff was already set on those block lists. It just seems strange that every week it comes up in my spybot scan and although spybot says it removed it, even if I rescan immediately, do nothing else first, it still comes up.
You can remove all traces of it with SuperAntiSpyware
Download SuperAntiSpyware (http://www.superantispyware.com/superantispyware.html)
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Please leave the others unchecked.
Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
After reboot, double-click the SUPERAntispyware icon on your desktop.
Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me to see.
courtneymc
2012-03-19, 01:37
Wow- it found a TON of tracking cookies to delete!
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/18/2012 at 07:54 PM
Application Version : 5.0.1146
Core Rules Database Version : 8347
Trace Rules Database Version: 6159
Scan type : Complete Scan
Total Scan Time : 02:08:06
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 672
Memory threats detected : 0
Registry items scanned : 67595
Registry threats detected : 0
File items scanned : 233664
File threats detected : 303
Adware.Tracking Cookie
C:\USERS\COURTNEY\AppData\Roaming\Microsoft\Windows\Cookies\Low\VCSYX3MO.txt [ Cookie:courtney@media.brevard.k12.fl.us/ ]
.msnbc.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.firstmarketinggroup.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.kodakimagingnetwork.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.emi.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.hearstmagazines.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.rcci.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.aarf.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.timeinc.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.find.myrecipes.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.find.myrecipes.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.find.myrecipes.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.surveymonkey.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trvlnet.adbureau.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trvlnet.adbureau.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trvlnet.adbureau.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.edge.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.bizrate.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
link.mercent.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.kanoodle.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.kanoodle.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.thinkgeek.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.lucasarts.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.movieticketscom.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
cdn4.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
cdn4.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
cdn4.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.hotelscom.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.jibjab.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.warnerbros.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.oasn04.247realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.edge.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.edge.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adecn.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.wachovia.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
www.burstbeacon.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.burstbeacon.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.sexandthecitymovie.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.sexandthecitymovie.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.sexandthecitymovie.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
stat.onestat.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
stat.onestat.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.brighthouse.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.nikon.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.cnetasiapacific.122.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.chitika.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.samsclub.112.2o7.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.oasn04.247realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.leadback.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
sales.liveperson.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.sesamestats.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.sesamestats.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.sesamestats.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ev.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.myaccount.bellsouth.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.myaccount.bellsouth.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
cdn1.trafficmp.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
cdn1.trafficmp.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.secure.leadback.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.richmedia.yahoo.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.edge.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
cdn4.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
cdn4.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
cdn4.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
oasc17.247realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
oasc05.247realmedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\COURTNEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
ext-us.bestofmedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
www.insightexpress.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.specificmedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.specificmedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.lynxtrack.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.account.live.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\COOKIES.SQLITE ]
Adware.CouponBar
C:\USERS\COURTNEY\APPDATA\LOCAL\TEMP\CPNPRT2.CID
What I would do is to keep SuperAntiSpyware as its the free version and also Spybot and just remove them all from time to time. You can set your browsers to block all cookies but then you will not be able to access most sites as even the legit ones require cookies
courtneymc
2012-03-19, 01:57
Crazy- I just re-ran spybot and it's still finding the yieldmanager thing. I guess I'm stuck with it. oh well.
thanks for your help!
Lets see if we can pinpoint where its at. First add this to the blocked sites in both IE and FF yieldmanager.net and .content.yieldmanager.com
Then run Spybot again and post the log from the scan
courtneymc
2012-03-19, 12:39
here is the spybot log:
--- Search result list ---
Right Media: Tracking cookie (Internet Explorer: Courtney) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-06-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-03-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-03-13 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-02-28 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-02-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-03-06 Includes\TrojansC-02.sbi (*)
2012-03-12 Includes\TrojansC-03.sbi (*)
2012-03-13 Includes\TrojansC-04.sbi (*)
2012-03-05 Includes\TrojansC-05.sbi (*)
2012-03-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: 505F022493D471025ADD399A4162208B
Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 35AC4B63CBB9FB6B4472913E9948B517
Located: HK_LM:Run, BCSSync
command: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
file: C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
size: 91520
MD5: 901AA7A38CE13F14B6BBEC38C0595698
Located: HK_LM:Run, ccApp
command: "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
size: 115560
MD5: 187A956FB8F79DB449A28A0D08657EFF
Located: HK_LM:Run, HP Software Update
command: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 7746FF4871C7EE3C169D19B424A47710
Located: HK_LM:Run, NortonOnlineBackupReminder
command: "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
file: C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
size: 581480
MD5: E8F915D5140A75ABFF036BBF9D0941AD
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: AF43C4F7F3C8BC95DAD95024F96CDC4A
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
Located: HK_LM:Run, UCam_Menu
command: "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
file: C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: 5C5D40DDDE89190B2B3A19EDAC1CCF55
Located: HK_LM:Run, UpdatePRCShortCut
command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 4EFCDF3DB1BBA69C09622991280C4ACB
Located: HK_LM:Run, WirelessAssistant
command: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 500792
MD5: A171B56DA31CEA530BFC03734841BD79
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Google Update
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: "C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe
size: 136176
MD5: F02A533F517EB38333CB12A9E8963773
Located: HK_CU:Run, iCloudServices
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
file: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
size: 59240
MD5: 490AFE9936155466526202C56BD9605E
Located: HK_CU:Run, MobileDocuments
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
file: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
size: 59240
MD5: E0E15F209360E4A97ABCC21A486B4AEE
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 4785536
MD5: 26E58AEDCDA906BF5AE35D40CBFD6EA4
Located: Startup (common), Google Calendar Sync.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
file: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 275072
MD5: EAA666E9DD8DCDA6E075087091CB85EE
--- Browser helper object list ---
{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Print Enhancer
CLSID name: HP Print Enhancer
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~3.DLL
Date (created): 10/22/2009 5:29:58 AM
Date (last access): 6/14/2010 9:32:22 PM
Date (last write): 10/22/2009 5:29:58 AM
Filesize: 328248
Attributes: archive
MD5: 972F4608E0BA74BE1DB448947E5A9822
CRC32: C87DAD78
Version: 132.0.55458.0
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/3/2012 12:16:32 PM
Date (last access): 1/13/2012 4:11:36 PM
Date (last write): 1/3/2012 12:16:32 PM
Filesize: 75200
Attributes: archive
MD5: 1F9B3487739B31C3D770728CB157A54D
CRC32: 3F012C08
Version: 9.5.0.270
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/20/2010 4:58:10 PM
Date (last access): 6/20/2010 4:58:10 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~2\MICROS~4\Office14\
Long name: GROOVEEX.DLL
Short name:
Date (created): 6/12/2011 11:15:00 AM
Date (last access): 9/16/2011 8:48:02 AM
Date (last write): 6/12/2011 11:15:00 AM
Filesize: 4221328
Attributes: archive
MD5: FB8C6A46EAF7585D2CA8583C4C9A8EDF
CRC32: F6E23C3B
Version: 14.0.6106.5000
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 325408
Attributes: archive
MD5: 8E6C86726B67D3FAA3144849B9AAC06C
CRC32: B1F4AB5B
Version: 6.0.310.5
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/21/2010 2:08:38 PM
Date (last access): 10/25/2010 2:17:10 PM
Date (last write): 9/21/2010 2:08:38 PM
Filesize: 439168
Attributes: archive
MD5: 6BF01E200063D7274F3AF06D226671F5
CRC32: C8953126
Version: 7.250.4225.0
{ABD3B5E1-B268-407B-A150-2641DAB8D898} (HelloWorldBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HelloWorldBHO
CLSID name: hpBHO Class
Path: C:\Program Files (x86)\Common Files\Homepage Protection\
Long name: HomepageProtection.dll
Short name: HOMEPA~1.DLL
Date (created): 6/8/2009 5:41:24 PM
Date (last access): 8/15/2009 1:48:34 AM
Date (last write): 6/8/2009 5:41:24 PM
Filesize: 120104
Attributes: archive
MD5: 097E5757DCC2DFEBEB5502218DC707EF
CRC32: 929EA499
Version: 1.0.0.4
{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~4\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 12/21/2010 1:05:22 AM
Date (last access): 7/10/2011 6:48:36 PM
Date (last write): 12/21/2010 1:05:22 AM
Filesize: 561552
Attributes: archive
MD5: A5D08B86E8A437AA6DEAF7A187BF6CA5
CRC32: CEA4973B
Version: 14.0.6015.1000
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Bing Bar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Bing Bar Helper
Path: "C:\Program Files (x86)\Microsoft\BingBar\
Long name: BingExt.dll"
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 42272
Attributes: archive
MD5: A9770771B622A871643EA2A4A3983E95
CRC32: D1C0DA03
Version: 6.0.310.5
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Smart BHO Class
CLSID name: HP Smart BHO Class
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_BHO.dll
Short name: HPSWP_~1.DLL
Date (created): 10/22/2009 5:29:56 AM
Date (last access): 6/14/2010 9:32:22 PM
Date (last write): 10/22/2009 5:29:56 AM
Filesize: 517688
Attributes: archive
MD5: 4743B45C41BE35709F81BEC62FDA0AA0
CRC32: CC2D5870
Version: 132.0.55458.0
--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer:
Codebase:
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWOW64\Macromed\Flash\
Long name: Flash11c.ocx
Short name:
Date (created): 10/29/2011 5:55:20 PM
Date (last access): 10/29/2011 5:55:20 PM
Date (last write): 10/29/2011 5:55:20 PM
Filesize: 8627360
Attributes: readonly archive
MD5: BD007D624E4CD905AB2E8DF2C6DE891C
CRC32: D59CAAAD
Version: 11.0.1.152
--- Process list ---
PID: 0 ( 0) [System]
PID: 2952 ( 696) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
size: 50544
MD5: 4CC38227FE6086678720AF8FBD764B6E
PID: 3608 (1432) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
size: 1187072
MD5: 0830E6BA8463BEF96CF69C1993F74A4B
PID: 4080 (2016) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
size: 59240
MD5: 490AFE9936155466526202C56BD9605E
PID: 3284 (2016) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
size: 59240
MD5: E0E15F209360E4A97ABCC21A486B4AEE
PID: 3748 (2016) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3840 (2016) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
PID: 3296 (2016) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 275072
MD5: EAA666E9DD8DCDA6E075087091CB85EE
PID: 3084 (3744) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
size: 115560
MD5: 187A956FB8F79DB449A28A0D08657EFF
PID: 4160 (3284) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
size: 13672
MD5: BB3A22F3EED85A12CFB2DD60D9F9B52F
PID: 4228 (3744) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953
PID: 4264 (3744) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
PID: 4300 (3744) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 7746FF4871C7EE3C169D19B424A47710
PID: 4456 ( 696) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 35AC4B63CBB9FB6B4472913E9948B517
PID: 5000 (3296) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
size: 174952
MD5: C180E890FFE0FDED8306427D3C836AF2
PID: 5112 ( 696) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
size: 565096
MD5: B29A08A0CB56CD5A4B9C53A011819657
PID: 2612 ( 696) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
size: 366720
MD5: 66BB5B07696219FA334452D6F51FD648
PID: 3556 ( 696) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
size: 632888
MD5: 0DE3C7622EC33126579B1742260F08C2
PID: 980 (2016) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 280 ( 4) smss.exe
PID: 396 ( 388) csrss.exe
PID: 460 ( 448) csrss.exe
PID: 468 ( 388) wininit.exe
size: 96256
PID: 516 ( 448) winlogon.exe
PID: 564 ( 468) services.exe
PID: 572 ( 468) lsass.exe
PID: 580 ( 468) lsm.exe
PID: 696 ( 564) svchost.exe
size: 20992
PID: 764 ( 564) svchost.exe
size: 20992
PID: 864 ( 564) svchost.exe
size: 20992
PID: 896 ( 564) svchost.exe
size: 20992
PID: 924 ( 564) svchost.exe
size: 20992
PID: 948 ( 564) stacsv64.exe
PID: 712 ( 564) svchost.exe
size: 20992
PID: 1132 ( 564) Smc.exe
PID: 1228 ( 564) svchost.exe
size: 20992
PID: 1304 ( 564) ccSvcHst.exe
PID: 1432 ( 564) AAWService.exe
PID: 1588 ( 564) spoolsv.exe
PID: 1616 ( 564) svchost.exe
size: 20992
PID: 1760 ( 564) SASCore64.exe
PID: 1804 ( 564) AESTSr64.exe
PID: 1836 ( 564) agr64svc.exe
PID: 1892 ( 564) AppleMobileDeviceService.exe
PID: 1912 ( 564) C:\Windows\System32\taskhost.exe
PID: 1992 ( 896) C:\Windows\System32\dwm.exe
PID: 2016 (1948) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 380 ( 564) SeaPort.EXE
PID: 1192 ( 564) mDNSResponder.exe
PID: 1496 ( 564) svchost.exe
size: 20992
PID: 364 ( 564) HPDrvMntSvc.exe
PID: 1880 ( 564) svchost.exe
size: 20992
PID: 1208 ( 564) LSSrvc.exe
PID: 2196 ( 564) svchost.exe
size: 20992
PID: 2236 ( 564) svchost.exe
size: 20992
PID: 2280 ( 564) RichVideo.exe
PID: 2304 ( 564) svchost.exe
size: 20992
PID: 2336 ( 564) Rtvscan.exe
PID: 2452 (1132) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
size: 3862344
MD5: 4DB775CB3A7A1988F043BA4D0CE9E489
PID: 2560 ( 696) unsecapp.exe
PID: 2660 ( 696) WmiPrvSE.exe
PID: 2668 ( 564) WLIDSVC.EXE
PID: 2824 ( 564) SDWinSec.exe
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2880 (2668) WLIDSVCM.EXE
PID: 2652 ( 564) svchost.exe
size: 20992
PID: 3260 ( 564) svchost.exe
size: 20992
PID: 3936 (2016) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1815848
MD5: 435AFCEBC01BE92CF988F86A64DE5B4E
PID: 3944 (2016) C:\Program Files\IDT\WDM\sttray64.exe
size: 487424
MD5: F4290F0F67C0506A825647961C151E0D
PID: 3960 (2016) C:\Windows\System32\hkcmd.exe
PID: 3972 (2016) C:\Windows\System32\igfxpers.exe
PID: 3492 (2016) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 4785536
MD5: 26E58AEDCDA906BF5AE35D40CBFD6EA4
PID: 392 ( 564) SearchIndexer.exe
size: 427520
PID: 3956 (3936) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 120616
MD5: 31FF084BFAA35307DBAB4FA60CF7DBB7
PID: 1100 (3744) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 500792
MD5: A171B56DA31CEA530BFC03734841BD79
PID: 4272 ( 460) C:\Windows\System32\conhost.exe
PID: 4764 ( 564) iPodService.exe
PID: 4880 ( 564) wmpnetwk.exe
PID: 2288 ( 564) hpqWmiEx.exe
PID: 708 (3556) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
size: 311352
MD5: 22309C300E4F1E33BC75EDA065C3C384
PID: 3012 ( 564) svchost.exe
size: 20992
PID: 5580 ( 696) dllhost.exe
size: 7168
PID: 6072 ( 564) OSPPSVC.EXE
PID: 4688 ( 564) HPSA_Service.exe
PID: 1812 ( 564) IntuitUpdateService.exe
PID: 5572 ( 564) IntuitUpdateService.exe
PID: 5292 ( 564) svchost.exe
size: 20992
PID: 2596 ( 564) PresentationFontCache.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/19/2012 7:38:04 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 5: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 6: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 7: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 8: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
I dont see any trace of it on your Spybot log
Download and Run SystemLook
You need to run the 64Bit version
http://jpshortstuff.247fixes.com/beta/SystemLook/SystemLook_x64.exe
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
yieldmanager.net
content.yieldmanager.com
:regfind
yieldmanager.net
content.yieldmanager.com
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
courtneymc
2012-03-20, 01:43
Here is the log - didn't seem to find anything.
Quite the contrary, it found it in the windows registry
Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.
If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\yieldmanager.net]
[-HKEY_USERS\S-1-5-21-1821525435-2388932823-2714717496-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\yieldmanager.net]
Then reboot and run Spybot again and if it shows up post the report so I can see where it is
courtneymc
2012-03-20, 19:37
still there :(
--- Search result list ---
Right Media: Tracking cookie (Internet Explorer: Courtney) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-06-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-03-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-03-13 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-02-28 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-02-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-03-06 Includes\TrojansC-02.sbi (*)
2012-03-12 Includes\TrojansC-03.sbi (*)
2012-03-13 Includes\TrojansC-04.sbi (*)
2012-03-05 Includes\TrojansC-05.sbi (*)
2012-03-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: 505F022493D471025ADD399A4162208B
Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 35AC4B63CBB9FB6B4472913E9948B517
Located: HK_LM:Run, BCSSync
command: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
file: C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
size: 91520
MD5: 901AA7A38CE13F14B6BBEC38C0595698
Located: HK_LM:Run, ccApp
command: "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
size: 115560
MD5: 187A956FB8F79DB449A28A0D08657EFF
Located: HK_LM:Run, HP Software Update
command: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 7746FF4871C7EE3C169D19B424A47710
Located: HK_LM:Run, NortonOnlineBackupReminder
command: "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
file: C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
size: 581480
MD5: E8F915D5140A75ABFF036BBF9D0941AD
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: AF43C4F7F3C8BC95DAD95024F96CDC4A
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
Located: HK_LM:Run, UCam_Menu
command: "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
file: C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: 5C5D40DDDE89190B2B3A19EDAC1CCF55
Located: HK_LM:Run, UpdatePRCShortCut
command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 4EFCDF3DB1BBA69C09622991280C4ACB
Located: HK_LM:Run, WirelessAssistant
command: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 500792
MD5: A171B56DA31CEA530BFC03734841BD79
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Google Update
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: "C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe
size: 136176
MD5: F02A533F517EB38333CB12A9E8963773
Located: HK_CU:Run, iCloudServices
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
file: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
size: 59240
MD5: 490AFE9936155466526202C56BD9605E
Located: HK_CU:Run, MobileDocuments
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
file: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
size: 59240
MD5: E0E15F209360E4A97ABCC21A486B4AEE
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 4785536
MD5: 26E58AEDCDA906BF5AE35D40CBFD6EA4
Located: Startup (common), Google Calendar Sync.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
file: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 275072
MD5: EAA666E9DD8DCDA6E075087091CB85EE
--- Browser helper object list ---
{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Print Enhancer
CLSID name: HP Print Enhancer
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~3.DLL
Date (created): 10/22/2009 5:29:58 AM
Date (last access): 6/14/2010 9:32:22 PM
Date (last write): 10/22/2009 5:29:58 AM
Filesize: 328248
Attributes: archive
MD5: 972F4608E0BA74BE1DB448947E5A9822
CRC32: C87DAD78
Version: 132.0.55458.0
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/3/2012 12:16:32 PM
Date (last access): 1/13/2012 4:11:36 PM
Date (last write): 1/3/2012 12:16:32 PM
Filesize: 75200
Attributes: archive
MD5: 1F9B3487739B31C3D770728CB157A54D
CRC32: 3F012C08
Version: 9.5.0.270
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/20/2010 4:58:10 PM
Date (last access): 6/20/2010 4:58:10 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~2\MICROS~4\Office14\
Long name: GROOVEEX.DLL
Short name:
Date (created): 6/12/2011 11:15:00 AM
Date (last access): 9/16/2011 8:48:02 AM
Date (last write): 6/12/2011 11:15:00 AM
Filesize: 4221328
Attributes: archive
MD5: FB8C6A46EAF7585D2CA8583C4C9A8EDF
CRC32: F6E23C3B
Version: 14.0.6106.5000
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 325408
Attributes: archive
MD5: 8E6C86726B67D3FAA3144849B9AAC06C
CRC32: B1F4AB5B
Version: 6.0.310.5
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/21/2010 2:08:38 PM
Date (last access): 10/25/2010 2:17:10 PM
Date (last write): 9/21/2010 2:08:38 PM
Filesize: 439168
Attributes: archive
MD5: 6BF01E200063D7274F3AF06D226671F5
CRC32: C8953126
Version: 7.250.4225.0
{ABD3B5E1-B268-407B-A150-2641DAB8D898} (HelloWorldBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HelloWorldBHO
CLSID name: hpBHO Class
Path: C:\Program Files (x86)\Common Files\Homepage Protection\
Long name: HomepageProtection.dll
Short name: HOMEPA~1.DLL
Date (created): 6/8/2009 5:41:24 PM
Date (last access): 8/15/2009 1:48:34 AM
Date (last write): 6/8/2009 5:41:24 PM
Filesize: 120104
Attributes: archive
MD5: 097E5757DCC2DFEBEB5502218DC707EF
CRC32: 929EA499
Version: 1.0.0.4
{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~4\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 12/21/2010 1:05:22 AM
Date (last access): 7/10/2011 6:48:36 PM
Date (last write): 12/21/2010 1:05:22 AM
Filesize: 561552
Attributes: archive
MD5: A5D08B86E8A437AA6DEAF7A187BF6CA5
CRC32: CEA4973B
Version: 14.0.6015.1000
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Bing Bar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Bing Bar Helper
Path: "C:\Program Files (x86)\Microsoft\BingBar\
Long name: BingExt.dll"
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 42272
Attributes: archive
MD5: A9770771B622A871643EA2A4A3983E95
CRC32: D1C0DA03
Version: 6.0.310.5
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Smart BHO Class
CLSID name: HP Smart BHO Class
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_BHO.dll
Short name: HPSWP_~1.DLL
Date (created): 10/22/2009 5:29:56 AM
Date (last access): 6/14/2010 9:32:22 PM
Date (last write): 10/22/2009 5:29:56 AM
Filesize: 517688
Attributes: archive
MD5: 4743B45C41BE35709F81BEC62FDA0AA0
CRC32: CC2D5870
Version: 132.0.55458.0
--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer:
Codebase:
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWOW64\Macromed\Flash\
Long name: Flash11c.ocx
Short name:
Date (created): 10/29/2011 5:55:20 PM
Date (last access): 10/29/2011 5:55:20 PM
Date (last write): 10/29/2011 5:55:20 PM
Filesize: 8627360
Attributes: readonly archive
MD5: BD007D624E4CD905AB2E8DF2C6DE891C
CRC32: D59CAAAD
Version: 11.0.1.152
--- Process list ---
PID: 0 ( 0) [System]
PID: 3388 ( 696) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
size: 50544
MD5: 4CC38227FE6086678720AF8FBD764B6E
PID: 3988 (3184) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
size: 59240
MD5: 490AFE9936155466526202C56BD9605E
PID: 4064 (3184) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
size: 59240
MD5: E0E15F209360E4A97ABCC21A486B4AEE
PID: 3196 (3184) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 212 (3184) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
PID: 1048 (3184) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 275072
MD5: EAA666E9DD8DCDA6E075087091CB85EE
PID: 3912 (4064) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
size: 13672
MD5: BB3A22F3EED85A12CFB2DD60D9F9B52F
PID: 576 (3784) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
size: 115560
MD5: 187A956FB8F79DB449A28A0D08657EFF
PID: 4180 (3784) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 35AC4B63CBB9FB6B4472913E9948B517
PID: 4200 (3784) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953
PID: 4208 (3784) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
PID: 4240 (3784) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 7746FF4871C7EE3C169D19B424A47710
PID: 4560 (1468) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
size: 1187072
MD5: 0830E6BA8463BEF96CF69C1993F74A4B
PID: 4680 (1048) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
size: 174952
MD5: C180E890FFE0FDED8306427D3C836AF2
PID: 4808 ( 696) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
size: 565096
MD5: B29A08A0CB56CD5A4B9C53A011819657
PID: 5072 ( 696) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
size: 366720
MD5: 66BB5B07696219FA334452D6F51FD648
PID: 4428 (3184) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 560 ( 696) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
size: 632888
MD5: 0DE3C7622EC33126579B1742260F08C2
PID: 4532 (3184) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
size: 15759200
MD5: C99E4311B92365522C0F9EA8E1527840
PID: 5948 (3924) C:\Windows\sysWow64\SearchProtocolHost.exe
size: 164352
MD5: E1AC89F6C5252057E6062843E36A6701
PID: 4040 (4532) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 924600
MD5: 637F2BDC0E53704D121DDD27A1F62090
PID: 4 ( 0) System
PID: 280 ( 4) smss.exe
PID: 396 ( 388) csrss.exe
PID: 460 ( 448) csrss.exe
PID: 468 ( 388) wininit.exe
size: 96256
PID: 516 ( 448) winlogon.exe
PID: 564 ( 468) services.exe
PID: 572 ( 468) lsass.exe
PID: 580 ( 468) lsm.exe
PID: 696 ( 564) svchost.exe
size: 20992
PID: 772 ( 564) svchost.exe
size: 20992
PID: 860 ( 564) svchost.exe
size: 20992
PID: 908 ( 564) svchost.exe
size: 20992
PID: 952 ( 564) svchost.exe
size: 20992
PID: 980 ( 564) stacsv64.exe
PID: 844 ( 564) svchost.exe
size: 20992
PID: 1072 ( 564) Smc.exe
PID: 1200 ( 564) svchost.exe
size: 20992
PID: 1272 ( 564) ccSvcHst.exe
PID: 1468 ( 564) AAWService.exe
PID: 1648 ( 564) spoolsv.exe
PID: 1700 ( 564) svchost.exe
size: 20992
PID: 1836 ( 564) SASCore64.exe
PID: 1856 ( 564) AESTSr64.exe
PID: 1888 ( 564) agr64svc.exe
PID: 1908 ( 564) AppleMobileDeviceService.exe
PID: 1944 ( 564) SeaPort.EXE
PID: 1984 ( 564) mDNSResponder.exe
PID: 2016 ( 564) svchost.exe
size: 20992
PID: 1088 ( 564) HPDrvMntSvc.exe
PID: 1304 ( 564) svchost.exe
size: 20992
PID: 1504 ( 564) LSSrvc.exe
PID: 2092 ( 564) RichVideo.exe
PID: 2140 ( 564) svchost.exe
size: 20992
PID: 2164 ( 564) Rtvscan.exe
PID: 2236 ( 564) WLIDSVC.EXE
PID: 2300 ( 564) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2324 (2236) WLIDSVCM.EXE
PID: 2540 ( 696) unsecapp.exe
PID: 2680 ( 696) WmiPrvSE.exe
PID: 2744 ( 564) svchost.exe
size: 20992
PID: 2852 ( 564) svchost.exe
size: 20992
PID: 2256 ( 564) C:\Windows\System32\taskhost.exe
PID: 3156 ( 908) C:\Windows\System32\dwm.exe
PID: 3184 (3092) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 3268 (1072) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
size: 3862344
MD5: 4DB775CB3A7A1988F043BA4D0CE9E489
PID: 3940 (3184) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1815848
MD5: 435AFCEBC01BE92CF988F86A64DE5B4E
PID: 3948 (3184) C:\Program Files\IDT\WDM\sttray64.exe
size: 487424
MD5: F4290F0F67C0506A825647961C151E0D
PID: 3964 (3184) C:\Windows\System32\hkcmd.exe
PID: 3972 (3184) C:\Windows\System32\igfxpers.exe
PID: 3792 (3184) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 4785536
MD5: 26E58AEDCDA906BF5AE35D40CBFD6EA4
PID: 3924 ( 564) SearchIndexer.exe
size: 427520
PID: 4056 (3940) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 120616
MD5: 31FF084BFAA35307DBAB4FA60CF7DBB7
PID: 288 (3784) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 500792
MD5: A171B56DA31CEA530BFC03734841BD79
PID: 1080 ( 460) C:\Windows\System32\conhost.exe
PID: 4220 ( 564) wmpnetwk.exe
PID: 4732 ( 564) iPodService.exe
PID: 2724 ( 564) hpqWmiEx.exe
PID: 4580 ( 560) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
size: 311352
MD5: 22309C300E4F1E33BC75EDA065C3C384
PID: 4276 ( 564) svchost.exe
size: 20992
PID: 5428 ( 564) HPSA_Service.exe
PID: 5492 ( 564) IntuitUpdateService.exe
PID: 5556 ( 696) dllhost.exe
size: 7168
PID: 5716 ( 564) IntuitUpdateService.exe
PID: 5404 ( 564) svchost.exe
size: 20992
PID: 1608 ( 860) audiodg.exe
PID: 6012 ( 564) svchost.exe
size: 20992
PID: 5916 ( 564) OSPPSVC.EXE
PID: 3408 (3924) C:\Windows\System32\SearchFilterHost.exe
size: 86528
MD5: A6CD6B3F71E13E2E45B727FB8A47EA87
PID: 2788 ( 564) svchost.exe
size: 20992
PID: 6320 (3924) SearchProtocolHost.exe
size: 164352
PID: 6412 ( 564) svchost.exe
size: 20992
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/20/2012 2:37:06 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 5: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 6: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 7: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 8: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
This is a bogus program
{ABD3B5E1-B268-407B-A150-2641DAB8D898} (HelloWorldBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HelloWorldBHO
CLSID name: hpBHO Class
Path: C:\Program Files (x86)\Common Files\Homepage Protection\
Long name: HomepageProtection.dll
Short name: HOMEPA~1.DLL
Date (created): 6/8/2009 5:41:24 PM
Date (last access): 8/15/2009 1:48:34 AM
Date (last write): 6/8/2009 5:41:24 PM
Filesize: 120104
Attributes: archive
MD5: 097E5757DCC2DFEBEB5502218DC707EF
CRC32: 929EA499
Version: 1.0.0.4
You have the TeaTimer active in Spybot, it may be preventing the removal of Yieldmanager.
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
courtneymc
2012-03-21, 02:08
I turned off teatime and reran spybot, removed it, and re ran it and it was still there. But for the future, should I leave that Teatimer turned off?
what about the 'helloworld', do I need to do something with that?
meanwhile, here is the extra log from OTL. otl to follow in another post.
OTL Extras logfile created on: 3/20/2012 8:30:29 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.91 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.18% Memory free
7.81 Gb Paging File | 5.84 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.73 Gb Total Space | 206.11 Gb Free Space | 72.14% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
Computer Name: COURTNEY-NB2 | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1821525435-2388932823-2714717496-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EC00E62-AA90-4016-AA27-B2CD0FD17B3A}" = Cruise Shark
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
"{533A6E40-A0D5-4643-B9CE-9B03989EF159}" = Ad-Aware
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71CC8771-1F1D-3394-8F70-A5B442D20C95}" = Google Talk Plugin
"{76AD2AAC-14EE-4CE3-958A-BB3DF65E7F06}" = USB-Ir Adapter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E051993-7665-FE91-148D-3B0855E57F70}" = Amazon MP3 Uploader
"{A19E1C26-6DAF-AFDC-4EFF-EFF7FA36F72D}" = Jacquie Lawson London Advent Calendar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1653171-8073-03A8-353B-3E6139E154A9}" = KODAK Gallery Upload Software
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Presenter 7" = Adobe Presenter 7
"CameraUserGuide-PSSD1300IS_IXUS105" = Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.amazon.music.uploader" = Amazon MP3 Uploader
"com.kodakgallery.AirUploader" = KODAK Gallery Upload Software
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"ePatLauncher" = ePatLauncher
"Google Calendar Sync" = Google Calendar Sync
"Homepage Protection" = Homepage Protection
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"JLAdventCalendarLondon2011" = Jacquie Lawson London Advent Calendar
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/17/2011 9:16:11 AM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/17/2011 9:16:11 AM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9158
Error - 11/17/2011 9:16:11 AM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9158
Error - 11/17/2011 2:01:21 PM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/17/2011 2:01:21 PM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17118536
Error - 11/17/2011 2:01:21 PM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17118536
Error - 11/17/2011 2:04:21 PM | Computer Name = Courtney-NB2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 11/17/2011 3:12:08 PM | Computer Name = Courtney-NB2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 11/17/2011 4:00:23 PM | Computer Name = Courtney-NB2 | Source = Bonjour Service | ID = 100
Description = Client application registered 2 identical instances of service Courtney’s\032Library._home-sharing._tcp.local.
port 3689.
Error - 11/17/2011 4:00:50 PM | Computer Name = Courtney-NB2 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
[ Hewlett-Packard Events ]
Error - 12/29/2011 7:55:52 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
Description =
Error - 1/5/2012 8:51:33 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
Description =
Error - 1/12/2012 5:28:55 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
Description =
Error - 2/2/2012 2:18:49 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
Description =
Error - 2/9/2012 12:21:56 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
Description =
Error - 2/9/2012 12:23:09 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
Description =
Error - 3/1/2012 4:06:46 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
Description =
Error - 3/6/2012 5:30:13 PM | Computer Name = Courtney-NB2 | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.UIManager.SyncMessengerWithNotifySettings()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.UIManager.SyncMessengerWithNotifySettings()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
Utilization: 50 TargetSite: Void SyncMessengerWithNotifySettings()
Error - 3/6/2012 5:30:16 PM | Computer Name = Courtney-NB2 | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261HPSFMsgr.exe at HPSA_Messenger.MessengerManager.UIManager.SyncMessengerWithNotifySettings()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.UIManager.SyncMessengerWithNotifySettings()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
Utilization: 50 TargetSite: Void SyncMessengerWithNotifySettings()
Error - 3/12/2012 12:15:47 PM | Computer Name = Courtney-NB2 | Source = HPSF.exe | ID = 4000
Description =
[ System Events ]
Error - 9/7/2011 8:14:30 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.
Error - 9/8/2011 1:03:37 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 9/8/2011 7:40:07 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 9/9/2011 9:01:36 AM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 9/11/2011 7:01:51 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 9/12/2011 2:40:17 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 9/13/2011 11:07:03 AM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 9/13/2011 6:48:48 PM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 9/16/2011 8:16:28 AM | Computer Name = Courtney-NB2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 9/16/2011 8:22:41 AM | Computer Name = Courtney-NB2 | Source = DCOM | ID = 10010
Description =
< End of report >
courtneymc
2012-03-21, 02:09
and the OTL.txt:
OTL logfile created on: 3/20/2012 8:30:29 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.91 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.18% Memory free
7.81 Gb Paging File | 5.84 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.73 Gb Total Space | 206.11 Gb Free Space | 72.14% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
Computer Name: COURTNEY-NB2 | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Courtney\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (MosIrUsb) -- C:\Windows\SysNative\drivers\MosIrUsb.sys ()
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120320.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120320.002\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 21:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 13:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 16:11:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 21:32:21 | 000,000,000 | ---D | M]
[2010/06/15 12:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2011/07/29 12:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\yfvqc6wy.default\extensions
[2012/03/20 13:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
[2012/03/20 13:43:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/20 10:37:34 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/09/20 10:37:34 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/01 17:24:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/16 13:53:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 13:53:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Courtney\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: IBA Opt-out (by Google) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.0_2\
O1 HOSTS File: ([2012/03/02 19:29:58 | 000,441,475 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15172 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B524DF-D674-4340-949D-574B089D02EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DC90021-B8C9-42BC-B7FB-B45A8BA8812E}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/20 16:34:52 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/03/18 17:40:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/18 17:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/18 17:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/18 17:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/18 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Malwarebytes
[2012/03/18 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/14 10:23:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 10:23:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 10:23:07 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 10:03:26 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 10:02:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 10:02:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 10:02:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 10:02:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 10:02:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 09:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/10 15:49:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/09 16:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
[2012/03/06 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\52DA4B3F-6A18-4801-84B4-86F0D4A97B7D.aplzod
[2012/03/01 17:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/01 17:25:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:25:05 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:25:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/25 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\.minecraft
========== Files - Modified Within 30 Days ==========
[2012/03/20 20:01:54 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 20:01:54 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 19:52:52 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/20 19:51:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 19:51:20 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 19:11:14 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1821525435-2388932823-2714717496-1001UA.job
[2012/03/20 16:34:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/03/20 15:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1821525435-2388932823-2714717496-1001Core.job
[2012/03/20 13:27:04 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/20 13:27:04 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/20 13:21:27 | 000,000,272 | ---- | M] () -- C:\Users\Courtney\Desktop\regfix.reg
[2012/03/19 20:32:26 | 000,095,744 | ---- | M] () -- C:\Users\Courtney\Desktop\SystemLook_x64.exe
[2012/03/18 20:37:27 | 000,749,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/18 20:37:27 | 000,639,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/18 20:37:27 | 000,113,432 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/18 17:39:41 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/18 17:27:01 | 000,398,036 | ---- | M] () -- C:\Users\Courtney\Desktop\Summer Camp Handout 1.pdf
[2012/03/17 12:20:54 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCourtney.job
[2012/03/14 14:19:41 | 000,445,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 09:59:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/13 11:25:13 | 000,842,949 | ---- | M] () -- C:\Users\Courtney\Documents\Maggie 4th grade talentSearchGuide.pdf
[2012/03/09 16:53:04 | 000,000,319 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/06 16:54:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/02 19:29:58 | 000,441,475 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/01 17:24:55 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:24:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:24:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 17:24:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/02/24 21:24:27 | 000,441,415 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120302-182958.backup
========== Files Created - No Company Name ==========
[2012/03/20 19:52:52 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/20 13:21:27 | 000,000,272 | ---- | C] () -- C:\Users\Courtney\Desktop\regfix.reg
[2012/03/19 20:32:24 | 000,095,744 | ---- | C] () -- C:\Users\Courtney\Desktop\SystemLook_x64.exe
[2012/03/18 17:39:41 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/18 17:27:01 | 000,398,036 | ---- | C] () -- C:\Users\Courtney\Desktop\Summer Camp Handout 1.pdf
[2012/03/14 09:59:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/13 11:25:10 | 000,842,949 | ---- | C] () -- C:\Users\Courtney\Documents\Maggie 4th grade talentSearchGuide.pdf
[2012/03/09 16:51:54 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/13 16:49:31 | 000,207,061 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/11/13 16:49:31 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/06/15 20:19:22 | 000,205,644 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/04/24 21:05:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/24 21:05:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/02/25 08:39:49 | 000,001,854 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\GhostObjGAFix.xml
[2011/01/05 21:13:18 | 000,005,632 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 16:37:31 | 000,038,431 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/22 15:16:26 | 000,199,528 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/20 10:58:34 | 000,737,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/07 10:45:53 | 000,029,059 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/06/30 01:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/20 13:34:28 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/06/14 21:30:43 | 000,023,117 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/31 20:34:36 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
========== LOP Check ==========
[2012/02/25 19:39:17 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\.minecraft
[2010/09/20 10:37:34 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Catalina Marketing Corp
[2010/08/09 15:27:00 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/25 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.amazon.music.uploader
[2011/04/08 10:13:53 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.kodakgallery.AirUploader
[2011/01/24 18:12:53 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\IrfanView
[2011/11/17 14:08:08 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\JLAdventCalendarLondon2011
[2011/08/18 13:56:25 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\OverDrive
[2010/06/15 17:02:58 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\WildTangent
[2012/03/20 19:52:52 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/12/11 09:03:22 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Good Morning,
Here is info on Homepage Protection, you can uninstall it if you wish, it may be more of a nuisance than anything else
http://www.systemlookup.com/CLSID/66044-HomepageProtection_dll.html
As far as the TeaTimer, leave it disabled until where done then you can re enable it
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
[2010/09/20 10:37:34 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/09/20 10:37:34 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2012/02/24 21:24:27 | 000,441,415 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120302-182958.backup
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
courtneymc
2012-03-21, 15:49
here is the log after running the fix, will post after run the scan once it's done:
All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1821525435-2388932823-2714717496-1001\Software\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20120302-182958.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Courtney\Desktop\cmd.bat deleted successfully.
C:\Users\Courtney\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Courtney
->Temp folder emptied: 14314735 bytes
->Temporary Internet Files folder emptied: 1079062550 bytes
->Java cache emptied: 20598446 bytes
->FireFox cache emptied: 58148842 bytes
->Google Chrome cache emptied: 115533023 bytes
->Flash cache emptied: 177521 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 690023 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84726 bytes
RecycleBin emptied: 1949016573 bytes
Total Files Cleaned = 3,088.00 mb
OTL by OldTimer - Version 3.2.39.1 log created on 03212012_100951
Files\Folders moved on Reboot...
C:\Users\Courtney\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
courtneymc
2012-03-21, 15:58
here is the post scan log:
OTL logfile created on: 3/21/2012 10:49:59 AM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.91 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 53.34% Memory free
7.81 Gb Paging File | 5.78 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.73 Gb Total Space | 208.71 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS
Computer Name: COURTNEY-NB2 | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Courtney\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (MosIrUsb) -- C:\Windows\SysNative\drivers\MosIrUsb.sys ()
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120320.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120320.002\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKCU\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 21:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 13:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/21 10:09:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 21:32:21 | 000,000,000 | ---D | M]
[2010/06/15 12:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2011/07/29 12:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\yfvqc6wy.default\extensions
[2012/03/20 13:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
[2012/03/20 13:43:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/01 17:24:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/16 13:53:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 13:53:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Courtney\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: IBA Opt-out (by Google) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.0_2\
O1 HOSTS File: ([2012/03/21 10:09:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B524DF-D674-4340-949D-574B089D02EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DC90021-B8C9-42BC-B7FB-B45A8BA8812E}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/21 10:09:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/20 16:34:52 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/03/18 17:40:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/18 17:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/18 17:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/18 17:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/18 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Malwarebytes
[2012/03/18 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/14 10:23:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 10:23:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 10:23:07 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 10:03:26 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 10:02:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 10:02:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 10:02:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 10:02:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 10:02:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 09:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/10 15:49:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/09 16:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
[2012/03/06 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\52DA4B3F-6A18-4801-84B4-86F0D4A97B7D.aplzod
[2012/03/01 17:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/01 17:25:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:25:05 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:25:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/25 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\.minecraft
========== Files - Modified Within 30 Days ==========
[2012/03/21 10:51:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1821525435-2388932823-2714717496-1001UA.job
[2012/03/21 10:49:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 10:49:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 10:47:33 | 000,749,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/21 10:47:33 | 000,639,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/21 10:47:33 | 000,113,432 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/21 10:41:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 10:40:45 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/21 10:09:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/20 16:34:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/03/20 15:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1821525435-2388932823-2714717496-1001Core.job
[2012/03/20 13:27:04 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/20 13:27:04 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/20 13:21:27 | 000,000,272 | ---- | M] () -- C:\Users\Courtney\Desktop\regfix.reg
[2012/03/19 20:32:26 | 000,095,744 | ---- | M] () -- C:\Users\Courtney\Desktop\SystemLook_x64.exe
[2012/03/18 17:39:41 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/18 17:27:01 | 000,398,036 | ---- | M] () -- C:\Users\Courtney\Desktop\Summer Camp Handout 1.pdf
[2012/03/17 12:20:54 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCourtney.job
[2012/03/14 14:19:41 | 000,445,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 09:59:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/13 11:25:13 | 000,842,949 | ---- | M] () -- C:\Users\Courtney\Documents\Maggie 4th grade talentSearchGuide.pdf
[2012/03/09 16:53:04 | 000,000,319 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/06 16:54:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/01 17:24:55 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:24:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:24:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 17:24:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
========== Files Created - No Company Name ==========
[2012/03/20 13:21:27 | 000,000,272 | ---- | C] () -- C:\Users\Courtney\Desktop\regfix.reg
[2012/03/19 20:32:24 | 000,095,744 | ---- | C] () -- C:\Users\Courtney\Desktop\SystemLook_x64.exe
[2012/03/18 17:39:41 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/18 17:27:01 | 000,398,036 | ---- | C] () -- C:\Users\Courtney\Desktop\Summer Camp Handout 1.pdf
[2012/03/14 09:59:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/13 11:25:10 | 000,842,949 | ---- | C] () -- C:\Users\Courtney\Documents\Maggie 4th grade talentSearchGuide.pdf
[2012/03/09 16:51:54 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/13 16:49:31 | 000,207,061 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/11/13 16:49:31 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/06/15 20:19:22 | 000,205,644 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/04/24 21:05:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/24 21:05:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/02/25 08:39:49 | 000,001,854 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\GhostObjGAFix.xml
[2011/01/05 21:13:18 | 000,005,632 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 16:37:31 | 000,038,431 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/22 15:16:26 | 000,199,528 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/20 10:58:34 | 000,737,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/07 10:45:53 | 000,029,059 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/06/30 01:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/20 13:34:28 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/06/14 21:30:43 | 000,023,117 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/31 20:34:36 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
< End of report >
Your logs look fine, Next time you run Spybot or SuperAntiSpyware and it finds and removes yieldmanager , post the log so I can see where it is.
courtneymc
2012-03-21, 19:25
UGH it's still there!
--- Search result list ---
Right Media: Tracking cookie (Internet Explorer: Courtney) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-06-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-03-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-03-13 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-02-28 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-02-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-03-06 Includes\TrojansC-02.sbi (*)
2012-03-12 Includes\TrojansC-03.sbi (*)
2012-03-13 Includes\TrojansC-04.sbi (*)
2012-03-05 Includes\TrojansC-05.sbi (*)
2012-03-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: 505F022493D471025ADD399A4162208B
Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 35AC4B63CBB9FB6B4472913E9948B517
Located: HK_LM:Run, BCSSync
command: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
file: C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
size: 91520
MD5: 901AA7A38CE13F14B6BBEC38C0595698
Located: HK_LM:Run, ccApp
command: "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
size: 115560
MD5: 187A956FB8F79DB449A28A0D08657EFF
Located: HK_LM:Run, HP Software Update
command: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 7746FF4871C7EE3C169D19B424A47710
Located: HK_LM:Run, NortonOnlineBackupReminder
command: "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
file: C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
size: 581480
MD5: E8F915D5140A75ABFF036BBF9D0941AD
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: AF43C4F7F3C8BC95DAD95024F96CDC4A
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
Located: HK_LM:Run, UCam_Menu
command: "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
file: C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: 5C5D40DDDE89190B2B3A19EDAC1CCF55
Located: HK_LM:Run, UpdatePRCShortCut
command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 4EFCDF3DB1BBA69C09622991280C4ACB
Located: HK_LM:Run, WirelessAssistant
command: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 500792
MD5: A171B56DA31CEA530BFC03734841BD79
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC
Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Google Update
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: "C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe
size: 136176
MD5: F02A533F517EB38333CB12A9E8963773
Located: HK_CU:Run, iCloudServices
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
file: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
size: 59240
MD5: 490AFE9936155466526202C56BD9605E
Located: HK_CU:Run, MobileDocuments
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
file: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
size: 59240
MD5: E0E15F209360E4A97ABCC21A486B4AEE
Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 4785536
MD5: 26E58AEDCDA906BF5AE35D40CBFD6EA4
Located: Startup (common), Google Calendar Sync.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
file: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 275072
MD5: EAA666E9DD8DCDA6E075087091CB85EE
--- Browser helper object list ---
{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Print Enhancer
CLSID name: HP Print Enhancer
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~3.DLL
Date (created): 10/22/2009 5:29:58 AM
Date (last access): 6/14/2010 9:32:22 PM
Date (last write): 10/22/2009 5:29:58 AM
Filesize: 328248
Attributes: archive
MD5: 972F4608E0BA74BE1DB448947E5A9822
CRC32: C87DAD78
Version: 132.0.55458.0
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/3/2012 12:16:32 PM
Date (last access): 1/13/2012 4:11:36 PM
Date (last write): 1/3/2012 12:16:32 PM
Filesize: 75200
Attributes: archive
MD5: 1F9B3487739B31C3D770728CB157A54D
CRC32: 3F012C08
Version: 9.5.0.270
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/20/2010 4:58:10 PM
Date (last access): 6/20/2010 4:58:10 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~2\MICROS~4\Office14\
Long name: GROOVEEX.DLL
Short name:
Date (created): 6/12/2011 11:15:00 AM
Date (last access): 9/16/2011 8:48:02 AM
Date (last write): 6/12/2011 11:15:00 AM
Filesize: 4221328
Attributes: archive
MD5: FB8C6A46EAF7585D2CA8583C4C9A8EDF
CRC32: F6E23C3B
Version: 14.0.6106.5000
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 325408
Attributes: archive
MD5: 8E6C86726B67D3FAA3144849B9AAC06C
CRC32: B1F4AB5B
Version: 6.0.310.5
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/21/2010 2:08:38 PM
Date (last access): 10/25/2010 2:17:10 PM
Date (last write): 9/21/2010 2:08:38 PM
Filesize: 439168
Attributes: archive
MD5: 6BF01E200063D7274F3AF06D226671F5
CRC32: C8953126
Version: 7.250.4225.0
{ABD3B5E1-B268-407B-A150-2641DAB8D898} (HelloWorldBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HelloWorldBHO
CLSID name: hpBHO Class
Path: C:\Program Files (x86)\Common Files\Homepage Protection\
Long name: HomepageProtection.dll
Short name: HOMEPA~1.DLL
Date (created): 6/8/2009 5:41:24 PM
Date (last access): 8/15/2009 1:48:34 AM
Date (last write): 6/8/2009 5:41:24 PM
Filesize: 120104
Attributes: archive
MD5: 097E5757DCC2DFEBEB5502218DC707EF
CRC32: 929EA499
Version: 1.0.0.4
{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~4\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 12/21/2010 1:05:22 AM
Date (last access): 7/10/2011 6:48:36 PM
Date (last write): 12/21/2010 1:05:22 AM
Filesize: 561552
Attributes: archive
MD5: A5D08B86E8A437AA6DEAF7A187BF6CA5
CRC32: CEA4973B
Version: 14.0.6015.1000
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Bing Bar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Bing Bar Helper
Path: "C:\Program Files (x86)\Microsoft\BingBar\
Long name: BingExt.dll"
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 42272
Attributes: archive
MD5: A9770771B622A871643EA2A4A3983E95
CRC32: D1C0DA03
Version: 6.0.310.5
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Smart BHO Class
CLSID name: HP Smart BHO Class
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_BHO.dll
Short name: HPSWP_~1.DLL
Date (created): 10/22/2009 5:29:56 AM
Date (last access): 6/14/2010 9:32:22 PM
Date (last write): 10/22/2009 5:29:56 AM
Filesize: 517688
Attributes: archive
MD5: 4743B45C41BE35709F81BEC62FDA0AA0
CRC32: CC2D5870
Version: 132.0.55458.0
--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer:
Codebase:
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWOW64\Macromed\Flash\
Long name: Flash11c.ocx
Short name:
Date (created): 10/29/2011 5:55:20 PM
Date (last access): 10/29/2011 5:55:20 PM
Date (last write): 10/29/2011 5:55:20 PM
Filesize: 8627360
Attributes: readonly archive
MD5: BD007D624E4CD905AB2E8DF2C6DE891C
CRC32: D59CAAAD
Version: 11.0.1.152
--- Process list ---
PID: 0 ( 0) [System]
PID: 2452 (1504) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
size: 59240
MD5: 490AFE9936155466526202C56BD9605E
PID: 2564 (1504) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
size: 59240
MD5: E0E15F209360E4A97ABCC21A486B4AEE
PID: 2888 (1504) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
PID: 2956 (1504) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 275072
MD5: EAA666E9DD8DCDA6E075087091CB85EE
PID: 1124 (2564) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
size: 13672
MD5: BB3A22F3EED85A12CFB2DD60D9F9B52F
PID: 2404 ( 676) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
size: 50544
MD5: 4CC38227FE6086678720AF8FBD764B6E
PID: 3352 (2772) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
size: 115560
MD5: 187A956FB8F79DB449A28A0D08657EFF
PID: 3512 ( 676) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 35AC4B63CBB9FB6B4472913E9948B517
PID: 3548 (2772) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953
PID: 3636 (2772) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
PID: 3696 (2772) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 7746FF4871C7EE3C169D19B424A47710
PID: 4676 (1712) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
size: 1187072
MD5: 0830E6BA8463BEF96CF69C1993F74A4B
PID: 4828 (2956) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
size: 174952
MD5: C180E890FFE0FDED8306427D3C836AF2
PID: 4924 ( 676) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
size: 565096
MD5: B29A08A0CB56CD5A4B9C53A011819657
PID: 5092 ( 676) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
size: 366720
MD5: 66BB5B07696219FA334452D6F51FD648
PID: 4376 ( 676) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
size: 632888
MD5: 0DE3C7622EC33126579B1742260F08C2
PID: 3112 (1504) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5908 (1504) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
size: 15759200
MD5: C99E4311B92365522C0F9EA8E1527840
PID: 6108 (3892) C:\Windows\sysWow64\SearchProtocolHost.exe
size: 164352
MD5: E1AC89F6C5252057E6062843E36A6701
PID: 5436 (5908) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 924600
MD5: 637F2BDC0E53704D121DDD27A1F62090
PID: 5924 (5436) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
size: 16824
MD5: 1AA987A15080E19E83F0872F8FC0FFC2
PID: 4 ( 0) System
PID: 280 ( 4) smss.exe
PID: 396 ( 388) csrss.exe
PID: 456 ( 448) csrss.exe
PID: 464 ( 388) wininit.exe
size: 96256
PID: 512 ( 448) winlogon.exe
PID: 560 ( 464) services.exe
PID: 568 ( 464) lsass.exe
PID: 580 ( 464) lsm.exe
PID: 676 ( 560) svchost.exe
size: 20992
PID: 752 ( 560) svchost.exe
size: 20992
PID: 852 ( 560) svchost.exe
size: 20992
PID: 892 ( 560) svchost.exe
size: 20992
PID: 916 ( 560) svchost.exe
size: 20992
PID: 940 ( 560) stacsv64.exe
PID: 632 ( 560) svchost.exe
size: 20992
PID: 1096 ( 560) Smc.exe
PID: 1208 ( 560) svchost.exe
size: 20992
PID: 1356 ( 560) ccSvcHst.exe
PID: 1464 ( 892) C:\Windows\System32\dwm.exe
PID: 1504 (1444) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 1712 ( 560) AAWService.exe
PID: 1904 ( 560) C:\Windows\System32\taskhost.exe
PID: 1912 (1096) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
size: 3862344
MD5: 4DB775CB3A7A1988F043BA4D0CE9E489
PID: 1920 ( 560) spoolsv.exe
PID: 1952 ( 560) svchost.exe
size: 20992
PID: 1168 ( 560) SASCore64.exe
PID: 448 ( 560) AESTSr64.exe
PID: 1484 ( 560) agr64svc.exe
PID: 1576 ( 560) AppleMobileDeviceService.exe
PID: 548 ( 560) SeaPort.EXE
PID: 2104 (1504) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1815848
MD5: 435AFCEBC01BE92CF988F86A64DE5B4E
PID: 2140 (1504) C:\Program Files\IDT\WDM\sttray64.exe
size: 487424
MD5: F4290F0F67C0506A825647961C151E0D
PID: 2204 (1504) C:\Windows\System32\hkcmd.exe
PID: 2212 ( 560) mDNSResponder.exe
PID: 2220 (1504) C:\Windows\System32\igfxpers.exe
PID: 2252 ( 560) svchost.exe
size: 20992
PID: 2292 ( 560) HPDrvMntSvc.exe
PID: 2348 ( 560) svchost.exe
size: 20992
PID: 2468 ( 560) LSSrvc.exe
PID: 2608 ( 560) svchost.exe
size: 20992
PID: 2704 ( 560) svchost.exe
size: 20992
PID: 2756 (1504) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 4785536
MD5: 26E58AEDCDA906BF5AE35D40CBFD6EA4
PID: 2780 ( 560) RichVideo.exe
PID: 2844 ( 560) svchost.exe
size: 20992
PID: 2868 ( 560) Rtvscan.exe
PID: 2096 ( 560) WLIDSVC.EXE
PID: 736 ( 456) C:\Windows\System32\conhost.exe
PID: 2344 (2096) WLIDSVCM.EXE
PID: 3212 ( 560) SDWinSec.exe
PID: 3324 (2772) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 500792
MD5: A171B56DA31CEA530BFC03734841BD79
PID: 3652 ( 676) unsecapp.exe
PID: 3856 ( 560) svchost.exe
size: 20992
PID: 3892 ( 560) SearchIndexer.exe
size: 427520
PID: 3300 ( 676) WmiPrvSE.exe
PID: 3876 (2104) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 120616
MD5: 31FF084BFAA35307DBAB4FA60CF7DBB7
PID: 4116 ( 560) svchost.exe
size: 20992
PID: 4140 ( 560) iPodService.exe
PID: 4808 ( 560) hpqWmiEx.exe
PID: 4612 (4376) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
size: 311352
MD5: 22309C300E4F1E33BC75EDA065C3C384
PID: 3964 ( 560) HPSA_Service.exe
PID: 4524 ( 560) IntuitUpdateService.exe
PID: 1728 ( 560) IntuitUpdateService.exe
PID: 1772 ( 560) svchost.exe
size: 20992
PID: 4008 ( 560) wmpnetwk.exe
PID: 2836 ( 560) svchost.exe
size: 20992
PID: 5136 ( 676) dllhost.exe
size: 7168
PID: 3880 ( 560) OSPPSVC.EXE
PID: 6044 (3892) C:\Windows\System32\SearchFilterHost.exe
size: 86528
MD5: A6CD6B3F71E13E2E45B727FB8A47EA87
PID: 5364 ( 852) audiodg.exe
PID: 2532 (3892) SearchProtocolHost.exe
size: 164352
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/21/2012 2:24:43 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 5: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 6: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 7: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 8: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Hi,
When you say its still there, what does it say, I see no trace of it on your Spybot log. We added yieldmanager.com and .net and a couple other wordings for this, when it finds it next time just add it to the blocked list, I cant add it for you because your not telling me exactly what it found.
Add this also to the blocked list
Right Media
courtneymc
2012-03-22, 00:08
sorry, I thought that was in the log somewhere. I'll rerun and post exactly what it's telling me it found and removed.
Also, this is strange. In Firefox, when I go to my tools, it shows never remember history, even though what I set it to each time I go in and add something to the blocked list is 'custom'. Does that matter?
here is what I see when I first go to the tab, hmm, not sure how to copy in an image so I'll attach. the one attached called privacy.
Then, the image attached called privacy 2 is how I add items to the blocked list by clicking on exceptions once I've switched from never remember history to custom. I click ok but every time I reopen the tools it's back to never remember history.
And, on the blocking- is the way it should be working that i run spybot, find it, remove it, add it to the block list, and then it won't come back again? I'm not understanding how blocking it will help since it's never really removed it- I run spybot, remove it, and even if I don't open *anything* else, just immediately rerun spybot, it finds the same file. I would think if it were really removing it, it would at least be gone until I've opened a browser again...
Am I doing something wrong here?
What I would do is set FF to Set Cookies from sites < Exceptions and add yieldmanager , also uncheck cookies from 3rd parties.
Your History will be different than accepting cookies so you can set that either way.
When you block a cookie, if a site depends upon needing it ( for example SaferNetworking) it stores your user name and password so that you wont have to enter it each time you visit this site. If you enter a site than uses yieldmanager it may prevent you from accessing that site if you dont except the cookie.
Well, where not talking malware here, just a tracking cookie and SuperAntiSpyware and Spybot will remove them for you if you run a scan on lets say a weekly basis.
courtneymc
2012-03-22, 02:08
here is a screen print of what spybot continually finds.
as to the settings- what I'm saying is I can't even get to the screen that lets me block sites without having to change that 'firefox will' from 'never remember history' to 'use custom settings for history'.
Is there another place to block cookies? it just seems so strange to me that it always changes back to 'never rememebr history' and I have to change it back to get to my exceptions.
let me know if the attached helps you narrow down where the darn thing is hiding- b/c it never goes away!
courtneymc
2012-03-22, 02:10
here's what my block list looks like:
Did you disable the TeaTimer, that could be preventing the change. Open up Firefox and click on Help> About and make sure you have version 11.0
http://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
Adding Right Media to the block list was a good move.
Why FF is staying at Never remember History , I dont know, you may want to post on there forum and ask
http://forums.mozillazine.org/index.php?c=4
courtneymc
2012-03-22, 21:36
Yes, I disabled teatimer. i'll show the screen print to be sure.
I'm using FF version 11.
so the way i'm blocking is correct, right?
any other ideas??
thanks!
Lets run this cleaner
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
What I would do is just to run Spybot and SuperAntiSpyware on a weekly basis and have it remove any tracking cookies. If you start setting your browsers to block all cookies you will not be able to access some sites
courtneymc
2012-03-23, 19:11
Hi,
I ran the latest program and rebooted and re-ran spybot, still getting the same file found. :sad: any other ideas? thanks!
Courtney,
Go back and look at Post # 29, you will see that yieldmanager is a sub folder of Right Media, when Spybot finds it is it in a different sub folder or alone ?
Add these in both FF and IE to your blocked list
ad.yieldmanager.com
ad.yieldmanager.txt
www.yieldmanager.com
www.ad.yieldmanager.com
courtney@ad.yieldmanager.com
Go back and open System Look and add this script and post the log please.
:Filefind
*yieldmanager*
:Folderfind
*yieldmanager*
:Regfind
*yieldmanager*
courtneymc
2012-03-24, 19:21
I looked back at post 29, what is coming up in spybot is still exactly the same, the subfolder. I'll block those additional sites and run those new instructions and post when it's done.
courtneymc
2012-03-25, 01:35
here are the results:
SystemLook 27.08.10 by jpshortstuff
Log created at 14:32 on 24/03/2012 by Courtney
Administrator - Elevation successful
========== Filefind ==========
Searching for "*yieldmanager*"
No files found.
========== Folderfind ==========
Searching for "*yieldmanager*"
No folders found.
========== Regfind ==========
Searching for "*yieldmanager*"
No data found.
-= EOF =-
Lets do the same with Right Media
:Filefind
*Right Media*
:Folderfind
*Right Media*
:Regfind
*Right Media*
courtneymc
2012-03-25, 15:29
SystemLook 27.08.10 by jpshortstuff
Log created at 08:50 on 25/03/2012 by Courtney
Administrator - Elevation successful
========== Filefind ==========
Searching for "*Right Media*"
No files found.
========== Folderfind ==========
Searching for "*Right Media*"
No folders found.
========== Regfind ==========
Searching for "*Right Media*"
No data found.
-= EOF =-
Courtney,
When you run a scan with Spybot, down on the bottom left it shows what its checking for, not what it found, is this where your seeing yieldmanager.
SuperAntiSpyware found and removed a ton of tracking cookies, those cookies are also in Chrome.
Open Chome and click on the littel wrench up on the top right and go to tools > Clear browsing history and check cookies.
Then run SuperAntiSpyware again and lets see whats left
courtneymc
2012-03-25, 20:29
I don't have Chrome anyone, I deleted it six months or a year ago.
Spybot is showing it in the list of what it found and removed, just like the picture I posted, it hasn't changed at all...
Run SuperAntiSpyware and post the log please
Add these to your blocked list in both IE and FF
Rightmedia
Rightmedia.com
Rightmedia.txt
courtneymc
2012-03-26, 14:53
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/25/2012 at 10:13 PM
Application Version : 5.0.1146
Core Rules Database Version : 8377
Trace Rules Database Version: 6189
Scan type : Complete Scan
Total Scan Time : 02:06:27
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 677
Memory threats detected : 0
Registry items scanned : 67626
Registry threats detected : 0
File items scanned : 225031
File threats detected : 0
courtneymc
2012-03-26, 14:56
I might not be able to post for the next couple of days, thanks for your patience!
That's fine, I will keep this thread open for you. But it looks like we are about done, I don't know what Spybot is finding but according to SAS there are no traces of any tracking cookies at all on your system.
So at this point, just run SAS and Spybot on a regular basis and remove what it finds.
courtneymc
2012-03-29, 02:14
thanks for your help! It's frustrating that spybot can't remove it but I guess if nothing else is finding it I'm out of luck.
thanks again!
Maybe a false positive as some of other scanners are not finding it,
Just run SAS occasionally and let it remove it if it shows up.
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
courtneymc
2012-03-29, 17:21
thanks again for your help!