-
Good Morning,
There are threats going around now that are infecting your Master Boot Record and your MBRCheck log looks fine.
Are both browsers still being redirected, and if so, where to?
Try this other rootkit scanner
- Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1
Link 2
Link 3
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers and Stealth
- Uncheck the rest, then click OK.
- When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
- Wait till the scanner has finished and then click File > Save Report.
- Save the report somewhere where you can find it. Click Close.
- Copy the entire contents of the report and paste it in your next reply.
Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Then drag Combofix to the trash and redownload a fresh updated copy, run it and post the log please
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instructions on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
-
Firefox redirect to:
63.209.69.107/search/web/Holly%20Corley/a21/empireppc-440-direc40/v5
When I searched my wife's name it was for a LinkedIn link, but it went to the above instead.
Explorer is doing similar
gimmeanswers.org/search/v_q17/results.php?search=Holly%20Corley&aff=empireppc-440-direc40
is where it sends me.
I'll run the other programs after church today.
-scott
Last edited by ken545; 2012-01-15 at 16:59.
Reason: Disabled links
-
I'm still running in safe mode. Should I do this in that manner or switch to normal windows?
I have stayed in safe mode since you asked me to a couple of posts ago.
-
Normal mode is fine if you can
-
Error running rootkit unhooker
Rootkit unhooker won't run
here is the error log it generated
Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF
I'll now try to run in Safe mode and see what happens
-
unhook won't work in safemode either
won't work in safe mode either.
Should I still run combofix? I'll wait further instructions.
Thanks for your efforts, Ken.
-Scott
-
Go ahead and run Combofix Scott
-
combofix.txt
ComboFix 12-01-16.04 - Holly 01/16/2012 19:39:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2547 [GMT -5:00]
Running from: c:\users\Holly\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 01:13 . 2012-01-17 01:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F54C6AC-72CB-4466-A742-69A90267151B}\offreg.dll
2012-01-17 01:08 . 2012-01-17 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-15 22:45 . 2012-01-15 22:56 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-01-15 03:00 . 2012-01-15 03:00 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-15 03:00 . 2012-01-15 03:00 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-15 03:00 . 2012-01-15 03:00 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-15 03:00 . 2012-01-15 03:00 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 03:28 . 2012-01-14 03:28 -------- d-----w- c:\program files (x86)\ESET
2012-01-13 19:38 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F54C6AC-72CB-4466-A742-69A90267151B}\mpengine.dll
2012-01-13 01:02 . 2012-01-13 01:02 -------- d-----w- C:\_OTL
2012-01-11 23:36 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 23:36 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 23:36 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 23:36 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 23:36 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 23:36 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 23:36 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 23:36 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 04:13 . 2012-01-11 04:13 -------- d-----w- c:\program files (x86)\ERUNT
2012-01-07 00:26 . 2012-01-11 04:34 -------- d-----w- c:\users\Holly\AppData\Local\Diagnostics
2012-01-05 01:46 . 2012-01-05 02:10 -------- d-----w- c:\programdata\PC Tools
2012-01-02 21:12 . 2012-01-02 21:12 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\users\Holly\AppData\Local\adaware
2012-01-02 21:05 . 2012-01-11 04:25 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\adawaretb
2012-01-02 21:05 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\programdata\Lavasoft
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-31 01:34 . 2011-12-31 01:29 684297 ----a-w- C:\unhide.exe
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\users\Holly\AppData\Roaming\Malwarebytes
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 01:28 . 2012-01-12 01:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 23:09 . 2010-09-14 02:12 363520 ----a-w- C:\scott kill.com
2011-12-30 23:08 . 2010-09-14 02:12 363520 ----a-w- C:\rkill.com
2011-12-27 02:58 . 2012-01-17 01:12 -------- d-----r- c:\users\Holly\Dropbox
2011-12-27 02:56 . 2012-01-17 01:12 -------- d-----w- c:\users\Holly\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-14 00:05 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 23:07 . 2011-05-28 01:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-14 00:05 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 00:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 20:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 20:17 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 20:17 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 20:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 20:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 20:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 20:17 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 20:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 00:05 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_00.21.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-12 00:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 00:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 00:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-28 11:50 . 2012-01-17 01:13 33944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-17 01:13 38808 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-01-13 01:08 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-12 08:11 . 2012-01-12 08:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2011-05-27 23:16 . 2012-01-17 01:13 9736 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3384869757-1886810002-3943362877-1001_UserData.bin
+ 2012-01-17 01:11 . 2012-01-17 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 00:19 . 2012-01-12 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 00:19 . 2012-01-12 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-17 01:11 . 2012-01-17 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 20:20 . 2012-01-14 16:52 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-06-30 20:20 . 2012-01-12 00:19 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-05-29 00:03 . 2012-01-14 16:19 232858 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-01-12 00:18 244568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-17 01:10 244568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-01 16:46 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-11 23:36 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
- 2009-07-14 04:45 . 2012-01-11 23:30 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-12 08:20 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-27 23:13 . 2012-01-17 01:10 2657632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3384869757-1886810002-3943362877-1001-8192.dat
+ 2012-01-12 08:11 . 2012-01-12 08:11 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-11 13:22 . 2012-01-12 08:01 54008112 c:\windows\system32\MRT.exe
+ 2012-01-12 08:10 . 2012-01-12 08:10 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-27 110592]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
R0 BlackBox;BlackBox SR2; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-02 17152]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 22:59]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 22:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-01-16 20:32:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 01:32
ComboFix2.txt 2012-01-12 00:42
.
Pre-Run: 264,804,761,600 bytes free
Post-Run: 264,548,384,768 bytes free
.
- - End Of File - - 3EE1782161C743A904DA2F8C9D1AAA63
-
I am not seeing any of that in your log.
Open IE and go to Tools > Manage Add Ons > Search Providers and see if gimmeanswers is in there and if so delete it.
Open FF and go to Tools > Add Ons > Extensions and do the same thing.
Please download SuperAntiSpyware Free
Install the program
- Run SuperAntiSpyware and click: Check for updates
- Once the update is finished, on the main screen, click: Scan your computer
- Check: Perform Complete Scan
- Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish
It is possible that the program asks to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
- Click: Preferences
- Click the Statistics/Logs tab
- Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)
Please provide the SuperAntiSpyware log in your next reply
-
scan log
Neither IE nor FF had anything like gimmeanswers in the add-ons.
Here is the SuperAntiSpyware log, posted in 2 parts.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/16/2012 at 11:16 PM
Application Version : 5.0.1142
Core Rules Database Version : 8134
Trace Rules Database Version: 5946
Scan type : Complete Scan
Total Scan Time : 00:41:46
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 70004
Registry threats detected : 0
File items scanned : 46979
File threats detected : 713
Adware.Tracking Cookie