Can't get rid of ad.yieldmanager.com

[ken545]

Good Morning,

Here is info on Homepage Protection, you can uninstall it if you wish, it may be more of a nuisance than anything else
http://www.systemlookup.com/CLSID/66044-HomepageProtection_dll.html


As far as the TeaTimer, leave it disabled until where done then you can re enable it



Open OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :processes
  killallprocesses
  
  
  :OTL
  IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
  IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
  IE - HKU\S-1-5-21-1821525435-2388932823-2714717496-1001\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
  [2010/09/20 10:37:34 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
  [2010/09/20 10:37:34 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
  [2012/02/24 21:24:27 | 000,441,415 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120302-182958.backup
  
  
  :Services
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  
  
  
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top. <--Not run Scan
• Let the program run unhindered, reboot when it is done
• Then post the results of the log it produces.
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

 

[courtneymc]

here is the log after running the fix, will post after run the scan once it's done:

All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1821525435-2388932823-2714717496-1001\Software\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20120302-182958.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Courtney\Desktop\cmd.bat deleted successfully.
C:\Users\Courtney\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Courtney
->Temp folder emptied: 14314735 bytes
->Temporary Internet Files folder emptied: 1079062550 bytes
->Java cache emptied: 20598446 bytes
->FireFox cache emptied: 58148842 bytes
->Google Chrome cache emptied: 115533023 bytes
->Flash cache emptied: 177521 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 690023 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84726 bytes
RecycleBin emptied: 1949016573 bytes

Total Files Cleaned = 3,088.00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03212012_100951

Files\Folders moved on Reboot...
C:\Users\Courtney\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

 

[courtneymc]

here is the post scan log:
OTL logfile created on: 3/21/2012 10:49:59 AM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 53.34% Memory free
7.81 Gb Paging File | 5.78 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.73 Gb Total Space | 208.71 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS

Computer Name: COURTNEY-NB2 | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Courtney\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (MosIrUsb) -- C:\Windows\SysNative\drivers\MosIrUsb.sys ()
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120320.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120320.002\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKCU\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Courtney\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 21:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 13:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/21 10:09:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/14 21:32:21 | 000,000,000 | ---D | M]

[2010/06/15 12:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2011/07/29 12:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\yfvqc6wy.default\extensions
[2012/03/20 13:43:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YFVQC6WY.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
[2012/03/20 13:43:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/01 17:24:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/16 13:53:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 13:53:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Courtney\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: IBA Opt-out (by Google) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.0_2\

O1 HOSTS File: ([2012/03/21 10:09:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31B524DF-D674-4340-949D-574B089D02EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DC90021-B8C9-42BC-B7FB-B45A8BA8812E}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 10:09:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/20 16:34:52 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/03/18 17:40:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/18 17:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/18 17:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/18 17:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/18 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Malwarebytes
[2012/03/18 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/14 10:23:08 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 10:23:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 10:23:07 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 10:03:26 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 10:02:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 10:02:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 10:02:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 10:02:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 10:02:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 09:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/14 09:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/10 15:49:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/09 16:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
[2012/03/06 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\52DA4B3F-6A18-4801-84B4-86F0D4A97B7D.aplzod
[2012/03/01 17:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/01 17:25:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:25:05 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:25:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/25 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\.minecraft

========== Files - Modified Within 30 Days ==========

[2012/03/21 10:51:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1821525435-2388932823-2714717496-1001UA.job
[2012/03/21 10:49:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 10:49:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 10:47:33 | 000,749,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/21 10:47:33 | 000,639,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/21 10:47:33 | 000,113,432 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/21 10:41:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 10:40:45 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/21 10:09:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/20 16:34:59 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/03/20 15:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1821525435-2388932823-2714717496-1001Core.job
[2012/03/20 13:27:04 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/20 13:27:04 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/20 13:21:27 | 000,000,272 | ---- | M] () -- C:\Users\Courtney\Desktop\regfix.reg
[2012/03/19 20:32:26 | 000,095,744 | ---- | M] () -- C:\Users\Courtney\Desktop\SystemLook_x64.exe
[2012/03/18 17:39:41 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/18 17:27:01 | 000,398,036 | ---- | M] () -- C:\Users\Courtney\Desktop\Summer Camp Handout 1.pdf
[2012/03/17 12:20:54 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCourtney.job
[2012/03/14 14:19:41 | 000,445,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 09:59:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/13 11:25:13 | 000,842,949 | ---- | M] () -- C:\Users\Courtney\Documents\Maggie 4th grade talentSearchGuide.pdf
[2012/03/09 16:53:04 | 000,000,319 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/06 16:54:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/01 17:24:55 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/01 17:24:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/01 17:24:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/01 17:24:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2012/03/20 13:21:27 | 000,000,272 | ---- | C] () -- C:\Users\Courtney\Desktop\regfix.reg
[2012/03/19 20:32:24 | 000,095,744 | ---- | C] () -- C:\Users\Courtney\Desktop\SystemLook_x64.exe
[2012/03/18 17:39:41 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/18 17:27:01 | 000,398,036 | ---- | C] () -- C:\Users\Courtney\Desktop\Summer Camp Handout 1.pdf
[2012/03/14 09:59:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/13 11:25:10 | 000,842,949 | ---- | C] () -- C:\Users\Courtney\Documents\Maggie 4th grade talentSearchGuide.pdf
[2012/03/09 16:51:54 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/13 16:49:31 | 000,207,061 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/11/13 16:49:31 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/06/15 20:19:22 | 000,205,644 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/04/24 21:05:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/24 21:05:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/02/25 08:39:49 | 000,001,854 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\GhostObjGAFix.xml
[2011/01/05 21:13:18 | 000,005,632 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 16:37:31 | 000,038,431 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/22 15:16:26 | 000,199,528 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/20 10:58:34 | 000,737,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/07 10:45:53 | 000,029,059 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/06/30 01:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/20 13:34:28 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/06/14 21:30:43 | 000,023,117 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/31 20:34:36 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat

< End of report >

 

[ken545]

Your logs look fine, Next time you run Spybot or SuperAntiSpyware and it finds and removes yieldmanager , post the log so I can see where it is.

 

[courtneymc]

UGH it's still there!


--- Search result list ---
Right Media: Tracking cookie (Internet Explorer: Courtney) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-06-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-03-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-03-13 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-02-28 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-02-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-03-06 Includes\TrojansC-02.sbi (*)
2012-03-12 Includes\TrojansC-03.sbi (*)
2012-03-13 Includes\TrojansC-04.sbi (*)
2012-03-05 Includes\TrojansC-05.sbi (*)
2012-03-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: 505F022493D471025ADD399A4162208B

Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 35AC4B63CBB9FB6B4472913E9948B517

Located: HK_LM:Run, BCSSync
command: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
file: C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
size: 91520
MD5: 901AA7A38CE13F14B6BBEC38C0595698

Located: HK_LM:Run, ccApp
command: "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
size: 115560
MD5: 187A956FB8F79DB449A28A0D08657EFF

Located: HK_LM:Run, HP Software Update
command: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 7746FF4871C7EE3C169D19B424A47710

Located: HK_LM:Run, NortonOnlineBackupReminder
command: "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
file: C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
size: 581480
MD5: E8F915D5140A75ABFF036BBF9D0941AD

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: AF43C4F7F3C8BC95DAD95024F96CDC4A

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4

Located: HK_LM:Run, UCam_Menu
command: "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
file: C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: 5C5D40DDDE89190B2B3A19EDAC1CCF55

Located: HK_LM:Run, UpdatePRCShortCut
command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 4EFCDF3DB1BBA69C09622991280C4ACB

Located: HK_LM:Run, WirelessAssistant
command: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 500792
MD5: A171B56DA31CEA530BFC03734841BD79

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Google Update
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: "C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe
size: 136176
MD5: F02A533F517EB38333CB12A9E8963773

Located: HK_CU:Run, iCloudServices
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
file: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
size: 59240
MD5: 490AFE9936155466526202C56BD9605E

Located: HK_CU:Run, MobileDocuments
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
file: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
size: 59240
MD5: E0E15F209360E4A97ABCC21A486B4AEE

Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-1821525435-2388932823-2714717496-1001...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 4785536
MD5: 26E58AEDCDA906BF5AE35D40CBFD6EA4

Located: Startup (common), Google Calendar Sync.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
file: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E

Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 275072
MD5: EAA666E9DD8DCDA6E075087091CB85EE



--- Browser helper object list ---
{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Print Enhancer
CLSID name: HP Print Enhancer
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~3.DLL
Date (created): 10/22/2009 5:29:58 AM
Date (last access): 6/14/2010 9:32:22 PM
Date (last write): 10/22/2009 5:29:58 AM
Filesize: 328248
Attributes: archive
MD5: 972F4608E0BA74BE1DB448947E5A9822
CRC32: C87DAD78
Version: 132.0.55458.0

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/3/2012 12:16:32 PM
Date (last access): 1/13/2012 4:11:36 PM
Date (last write): 1/3/2012 12:16:32 PM
Filesize: 75200
Attributes: archive
MD5: 1F9B3487739B31C3D770728CB157A54D
CRC32: 3F012C08
Version: 9.5.0.270

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/20/2010 4:58:10 PM
Date (last access): 6/20/2010 4:58:10 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~2\MICROS~4\Office14\
Long name: GROOVEEX.DLL
Short name:
Date (created): 6/12/2011 11:15:00 AM
Date (last access): 9/16/2011 8:48:02 AM
Date (last write): 6/12/2011 11:15:00 AM
Filesize: 4221328
Attributes: archive
MD5: FB8C6A46EAF7585D2CA8583C4C9A8EDF
CRC32: F6E23C3B
Version: 14.0.6106.5000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 325408
Attributes: archive
MD5: 8E6C86726B67D3FAA3144849B9AAC06C
CRC32: B1F4AB5B
Version: 6.0.310.5

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 9/21/2010 2:08:38 PM
Date (last access): 10/25/2010 2:17:10 PM
Date (last write): 9/21/2010 2:08:38 PM
Filesize: 439168
Attributes: archive
MD5: 6BF01E200063D7274F3AF06D226671F5
CRC32: C8953126
Version: 7.250.4225.0

{ABD3B5E1-B268-407B-A150-2641DAB8D898} (HelloWorldBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HelloWorldBHO
CLSID name: hpBHO Class
Path: C:\Program Files (x86)\Common Files\Homepage Protection\
Long name: HomepageProtection.dll
Short name: HOMEPA~1.DLL
Date (created): 6/8/2009 5:41:24 PM
Date (last access): 8/15/2009 1:48:34 AM
Date (last write): 6/8/2009 5:41:24 PM
Filesize: 120104
Attributes: archive
MD5: 097E5757DCC2DFEBEB5502218DC707EF
CRC32: 929EA499
Version: 1.0.0.4

{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~4\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 12/21/2010 1:05:22 AM
Date (last access): 7/10/2011 6:48:36 PM
Date (last write): 12/21/2010 1:05:22 AM
Filesize: 561552
Attributes: archive
MD5: A5D08B86E8A437AA6DEAF7A187BF6CA5
CRC32: CEA4973B
Version: 14.0.6015.1000

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Bing Bar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Bing Bar Helper
Path: "C:\Program Files (x86)\Microsoft\BingBar\
Long name: BingExt.dll"

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 42272
Attributes: archive
MD5: A9770771B622A871643EA2A4A3983E95
CRC32: D1C0DA03
Version: 6.0.310.5

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HP Smart BHO Class
CLSID name: HP Smart BHO Class
Path: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\
Long name: hpswp_BHO.dll
Short name: HPSWP_~1.DLL
Date (created): 10/22/2009 5:29:56 AM
Date (last access): 6/14/2010 9:32:22 PM
Date (last write): 10/22/2009 5:29:56 AM
Filesize: 517688
Attributes: archive
MD5: 4743B45C41BE35709F81BEC62FDA0AA0
CRC32: CC2D5870
Version: 132.0.55458.0



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 3/1/2012 5:24:56 PM
Date (last access): 3/1/2012 5:24:56 PM
Date (last write): 3/1/2012 5:24:56 PM
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer:
Codebase:
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWOW64\Macromed\Flash\
Long name: Flash11c.ocx
Short name:
Date (created): 10/29/2011 5:55:20 PM
Date (last access): 10/29/2011 5:55:20 PM
Date (last write): 10/29/2011 5:55:20 PM
Filesize: 8627360
Attributes: readonly archive
MD5: BD007D624E4CD905AB2E8DF2C6DE891C
CRC32: D59CAAAD
Version: 11.0.1.152



--- Process list ---
PID: 0 ( 0) [System]
PID: 2452 (1504) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
size: 59240
MD5: 490AFE9936155466526202C56BD9605E
PID: 2564 (1504) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
size: 59240
MD5: E0E15F209360E4A97ABCC21A486B4AEE
PID: 2888 (1504) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
PID: 2956 (1504) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 275072
MD5: EAA666E9DD8DCDA6E075087091CB85EE
PID: 1124 (2564) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
size: 13672
MD5: BB3A22F3EED85A12CFB2DD60D9F9B52F
PID: 2404 ( 676) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
size: 50544
MD5: 4CC38227FE6086678720AF8FBD764B6E
PID: 3352 (2772) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
size: 115560
MD5: 187A956FB8F79DB449A28A0D08657EFF
PID: 3512 ( 676) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 35AC4B63CBB9FB6B4472913E9948B517
PID: 3548 (2772) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
size: 49208
MD5: C637FC4638A96165256B28D38DE7B953
PID: 3636 (2772) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
PID: 3696 (2772) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 7746FF4871C7EE3C169D19B424A47710
PID: 4676 (1712) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
size: 1187072
MD5: 0830E6BA8463BEF96CF69C1993F74A4B
PID: 4828 (2956) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
size: 174952
MD5: C180E890FFE0FDED8306427D3C836AF2
PID: 4924 ( 676) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
size: 565096
MD5: B29A08A0CB56CD5A4B9C53A011819657
PID: 5092 ( 676) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
size: 366720
MD5: 66BB5B07696219FA334452D6F51FD648
PID: 4376 ( 676) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
size: 632888
MD5: 0DE3C7622EC33126579B1742260F08C2
PID: 3112 (1504) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5908 (1504) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
size: 15759200
MD5: C99E4311B92365522C0F9EA8E1527840
PID: 6108 (3892) C:\Windows\sysWow64\SearchProtocolHost.exe
size: 164352
MD5: E1AC89F6C5252057E6062843E36A6701
PID: 5436 (5908) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 924600
MD5: 637F2BDC0E53704D121DDD27A1F62090
PID: 5924 (5436) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
size: 16824
MD5: 1AA987A15080E19E83F0872F8FC0FFC2
PID: 4 ( 0) System
PID: 280 ( 4) smss.exe
PID: 396 ( 388) csrss.exe
PID: 456 ( 448) csrss.exe
PID: 464 ( 388) wininit.exe
size: 96256
PID: 512 ( 448) winlogon.exe
PID: 560 ( 464) services.exe
PID: 568 ( 464) lsass.exe
PID: 580 ( 464) lsm.exe
PID: 676 ( 560) svchost.exe
size: 20992
PID: 752 ( 560) svchost.exe
size: 20992
PID: 852 ( 560) svchost.exe
size: 20992
PID: 892 ( 560) svchost.exe
size: 20992
PID: 916 ( 560) svchost.exe
size: 20992
PID: 940 ( 560) stacsv64.exe
PID: 632 ( 560) svchost.exe
size: 20992
PID: 1096 ( 560) Smc.exe
PID: 1208 ( 560) svchost.exe
size: 20992
PID: 1356 ( 560) ccSvcHst.exe
PID: 1464 ( 892) C:\Windows\System32\dwm.exe
PID: 1504 (1444) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 1712 ( 560) AAWService.exe
PID: 1904 ( 560) C:\Windows\System32\taskhost.exe
PID: 1912 (1096) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
size: 3862344
MD5: 4DB775CB3A7A1988F043BA4D0CE9E489
PID: 1920 ( 560) spoolsv.exe
PID: 1952 ( 560) svchost.exe
size: 20992
PID: 1168 ( 560) SASCore64.exe
PID: 448 ( 560) AESTSr64.exe
PID: 1484 ( 560) agr64svc.exe
PID: 1576 ( 560) AppleMobileDeviceService.exe
PID: 548 ( 560) SeaPort.EXE
PID: 2104 (1504) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1815848
MD5: 435AFCEBC01BE92CF988F86A64DE5B4E
PID: 2140 (1504) C:\Program Files\IDT\WDM\sttray64.exe
size: 487424
MD5: F4290F0F67C0506A825647961C151E0D
PID: 2204 (1504) C:\Windows\System32\hkcmd.exe
PID: 2212 ( 560) mDNSResponder.exe
PID: 2220 (1504) C:\Windows\System32\igfxpers.exe
PID: 2252 ( 560) svchost.exe
size: 20992
PID: 2292 ( 560) HPDrvMntSvc.exe
PID: 2348 ( 560) svchost.exe
size: 20992
PID: 2468 ( 560) LSSrvc.exe
PID: 2608 ( 560) svchost.exe
size: 20992
PID: 2704 ( 560) svchost.exe
size: 20992
PID: 2756 (1504) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 4785536
MD5: 26E58AEDCDA906BF5AE35D40CBFD6EA4
PID: 2780 ( 560) RichVideo.exe
PID: 2844 ( 560) svchost.exe
size: 20992
PID: 2868 ( 560) Rtvscan.exe
PID: 2096 ( 560) WLIDSVC.EXE
PID: 736 ( 456) C:\Windows\System32\conhost.exe
PID: 2344 (2096) WLIDSVCM.EXE
PID: 3212 ( 560) SDWinSec.exe
PID: 3324 (2772) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 500792
MD5: A171B56DA31CEA530BFC03734841BD79
PID: 3652 ( 676) unsecapp.exe
PID: 3856 ( 560) svchost.exe
size: 20992
PID: 3892 ( 560) SearchIndexer.exe
size: 427520
PID: 3300 ( 676) WmiPrvSE.exe
PID: 3876 (2104) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 120616
MD5: 31FF084BFAA35307DBAB4FA60CF7DBB7
PID: 4116 ( 560) svchost.exe
size: 20992
PID: 4140 ( 560) iPodService.exe
PID: 4808 ( 560) hpqWmiEx.exe
PID: 4612 (4376) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
size: 311352
MD5: 22309C300E4F1E33BC75EDA065C3C384
PID: 3964 ( 560) HPSA_Service.exe
PID: 4524 ( 560) IntuitUpdateService.exe
PID: 1728 ( 560) IntuitUpdateService.exe
PID: 1772 ( 560) svchost.exe
size: 20992
PID: 4008 ( 560) wmpnetwk.exe
PID: 2836 ( 560) svchost.exe
size: 20992
PID: 5136 ( 676) dllhost.exe
size: 7168
PID: 3880 ( 560) OSPPSVC.EXE
PID: 6044 (3892) C:\Windows\System32\SearchFilterHost.exe
size: 86528
MD5: A6CD6B3F71E13E2E45B727FB8A47EA87
PID: 5364 ( 852) audiodg.exe
PID: 2532 (3892) SearchProtocolHost.exe
size: 164352


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/21/2012 2:24:43 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 5: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 6: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 7: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 8: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

 

[ken545]

Hi,

When you say its still there, what does it say, I see no trace of it on your Spybot log. We added yieldmanager.com and .net and a couple other wordings for this, when it finds it next time just add it to the blocked list, I cant add it for you because your not telling me exactly what it found.

Add this also to the blocked list
Right Media

 

[courtneymc]

sorry, I thought that was in the log somewhere. I'll rerun and post exactly what it's telling me it found and removed.

Also, this is strange. In Firefox, when I go to my tools, it shows never remember history, even though what I set it to each time I go in and add something to the blocked list is 'custom'. Does that matter?

here is what I see when I first go to the tab, hmm, not sure how to copy in an image so I'll attach. the one attached called privacy.

Then, the image attached called privacy 2 is how I add items to the blocked list by clicking on exceptions once I've switched from never remember history to custom. I click ok but every time I reopen the tools it's back to never remember history.

And, on the blocking- is the way it should be working that i run spybot, find it, remove it, add it to the block list, and then it won't come back again? I'm not understanding how blocking it will help since it's never really removed it- I run spybot, remove it, and even if I don't open *anything* else, just immediately rerun spybot, it finds the same file. I would think if it were really removing it, it would at least be gone until I've opened a browser again...

Am I doing something wrong here?

 

[ken545]

What I would do is set FF to Set Cookies from sites < Exceptions and add yieldmanager , also uncheck cookies from 3rd parties.

Your History will be different than accepting cookies so you can set that either way.

When you block a cookie, if a site depends upon needing it ( for example SaferNetworking) it stores your user name and password so that you wont have to enter it each time you visit this site. If you enter a site than uses yieldmanager it may prevent you from accessing that site if you dont except the cookie.

Well, where not talking malware here, just a tracking cookie and SuperAntiSpyware and Spybot will remove them for you if you run a scan on lets say a weekly basis.

 

[courtneymc]

here is a screen print of what spybot continually finds.

as to the settings- what I'm saying is I can't even get to the screen that lets me block sites without having to change that 'firefox will' from 'never remember history' to 'use custom settings for history'.

Is there another place to block cookies? it just seems so strange to me that it always changes back to 'never rememebr history' and I have to change it back to get to my exceptions.

let me know if the attached helps you narrow down where the darn thing is hiding- b/c it never goes away!

 

[courtneymc]

here's what my block list looks like:

 

[ken545]

Did you disable the TeaTimer, that could be preventing the change. Open up Firefox and click on Help> About and make sure you have version 11.0

http://support.mozilla.org/en-US/kb/Enabling and disabling cookies


Adding Right Media to the block list was a good move.

Why FF is staying at Never remember History , I dont know, you may want to post on there forum and ask
http://forums.mozillazine.org/index.php?c=4

 

[courtneymc]

Yes, I disabled teatimer. i'll show the screen print to be sure.

I'm using FF version 11.

so the way i'm blocking is correct, right?

any other ideas??

thanks!

 

[ken545]

Lets run this cleaner

Download TFC to your desktop

• Close any open windows.
• Double click the TFC icon to run the program
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it should automatically reboot your machine,
• if it doesn't, manually reboot to ensure a complete clean

What I would do is just to run Spybot and SuperAntiSpyware on a weekly basis and have it remove any tracking cookies. If you start setting your browsers to block all cookies you will not be able to access some sites

 

[courtneymc]

Hi,
I ran the latest program and rebooted and re-ran spybot, still getting the same file found. :sad: any other ideas? thanks!

 

[ken545]

Courtney,

Go back and look at Post # 29, you will see that yieldmanager is a sub folder of Right Media, when Spybot finds it is it in a different sub folder or alone ?


Add these in both FF and IE to your blocked list
ad.yieldmanager.com
ad.yieldmanager.txt
www.yieldmanager.com
www.ad.yieldmanager.com
courtney@ad.yieldmanager.com


Go back and open System Look and add this script and post the log please.

:Filefind
*yieldmanager*
:Folderfind
*yieldmanager*
:Regfind
*yieldmanager*

 

[courtneymc]

I looked back at post 29, what is coming up in spybot is still exactly the same, the subfolder. I'll block those additional sites and run those new instructions and post when it's done.

 

[courtneymc]

here are the results:
SystemLook 27.08.10 by jpshortstuff
Log created at 14:32 on 24/03/2012 by Courtney
Administrator - Elevation successful

========== Filefind ==========

Searching for "*yieldmanager*"
No files found.

========== Folderfind ==========

Searching for "*yieldmanager*"
No folders found.

========== Regfind ==========

Searching for "*yieldmanager*"
No data found.

-= EOF =-

 

[ken545]

Lets do the same with Right Media

:Filefind
*Right Media*
:Folderfind
*Right Media*
:Regfind
*Right Media*

 

[courtneymc]

SystemLook 27.08.10 by jpshortstuff
Log created at 08:50 on 25/03/2012 by Courtney
Administrator - Elevation successful

========== Filefind ==========

Searching for "*Right Media*"
No files found.

========== Folderfind ==========

Searching for "*Right Media*"
No folders found.

========== Regfind ==========

Searching for "*Right Media*"
No data found.

-= EOF =-

 

[ken545]

Courtney,

When you run a scan with Spybot, down on the bottom left it shows what its checking for, not what it found, is this where your seeing yieldmanager.

SuperAntiSpyware found and removed a ton of tracking cookies, those cookies are also in Chrome.

Open Chome and click on the littel wrench up on the top right and go to tools > Clear browsing history and check cookies.

Then run SuperAntiSpyware again and lets see whats left