google redirect

Hey,

Let's dig deeper


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).





Then try aswMBR again, even in Safe Mode if needed


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode





Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply
 
goored log

GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:54 on 14/01/2012 (Holly)
Firefox version 8.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [22:58 27/05/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:55 27/05/2011]

C:\Users\Holly\Application Data\Mozilla\Firefox\Profiles\7b5zwuw5.default\extensions\
{87934c42-161d-45bc-8cef-ef18abe2a30c} [21:05 02/01/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-
 
aswMBR won't run even in Safe mode

I ran Goored Fix in Safe mode (was that a mistake?)

Now I tried to run aswMBR and it doesn't appear to do anything.

When I go to Task Manager the following processes are running:
csrss.exe
ctfmon.exe
explorer.exe
taskmgr.exe
winlogon.exe

The memory number for explorer keeps climbing. The others all stay the same.

-Scott
 
Run this program please

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
Let's see if these will run

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.




Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.
 
MBR text

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1545
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 152):
0x01C1F000 \SystemRoot\system32\ntoskrnl.exe
0x02208000 \SystemRoot\system32\hal.dll
0x00BBA000 \SystemRoot\system32\kdcom.dll
0x00CF9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D48000 \SystemRoot\system32\PSHED.dll
0x00D5C000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EC6000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F6A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F79000 \SystemRoot\system32\drivers\ACPI.sys
0x00FD0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FD9000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E00000 \SystemRoot\system32\drivers\pci.sys
0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys
0x0108C000 \SystemRoot\System32\drivers\volmgrx.sys
0x010E8000 \SystemRoot\System32\drivers\mountmgr.sys
0x01259000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01375000 \SystemRoot\system32\drivers\amdxata.sys
0x01380000 \SystemRoot\system32\drivers\fltmgr.sys
0x013CC000 \SystemRoot\system32\drivers\fileinfo.sys
0x013E0000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01413000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01102000 \SystemRoot\System32\Drivers\msrpc.sys
0x015B6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01160000 \SystemRoot\System32\Drivers\cng.sys
0x015D1000 \SystemRoot\System32\drivers\pcw.sys
0x015E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01611000 \SystemRoot\system32\drivers\ndis.sys
0x01704000 \SystemRoot\system32\drivers\NETIO.SYS
0x01764000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01862000 \SystemRoot\System32\drivers\tcpip.sys
0x01A66000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AB0000 \SystemRoot\system32\drivers\volsnap.sys
0x01B04000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B3E000 \SystemRoot\System32\Drivers\mup.sys
0x01B50000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B59000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B93000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BA9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02D56000 \SystemRoot\System32\Drivers\Null.SYS
0x02D5F000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D66000 \SystemRoot\System32\drivers\vga.sys
0x02D74000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D99000 \SystemRoot\System32\drivers\watchdog.sys
0x02DA9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02DB2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02DBD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02DCE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DF0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01000000 \SystemRoot\system32\drivers\afd.sys
0x01800000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02C00000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02C0B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0178F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01845000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02C14000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01200000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01BE7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x017B5000 \SystemRoot\System32\Drivers\dfsc.sys
0x017D3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01BF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02EBF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02F15000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02F26000 \SystemRoot\system32\drivers\HDAudBus.sys
0x032F5000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x0359D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x03200000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x03264000 \SystemRoot\system32\drivers\i8042prt.sys
0x03282000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x032CD000 \SystemRoot\system32\drivers\mouclass.sys
0x032DC000 \SystemRoot\system32\drivers\kbdclass.sys
0x035AA000 \SystemRoot\system32\drivers\cdrom.sys
0x035D4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x035E1000 \SystemRoot\system32\drivers\wmiacpi.sys
0x035EA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02F4A000 \SystemRoot\system32\drivers\CompositeBus.sys
0x02F5A000 \SystemRoot\system32\drivers\mssmbios.sys
0x02F65000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02F7B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02F9F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02FAB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02FDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02E00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02E21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02E3B000 \SystemRoot\system32\drivers\termdd.sys
0x035FB000 \SystemRoot\system32\drivers\swenum.sys
0x02E4F000 \SystemRoot\system32\drivers\ks.sys
0x02E92000 \SystemRoot\system32\drivers\umbus.sys
0x0307A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x030D4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x030E9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02C23000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x030F7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x0310A000 \SystemRoot\System32\drivers\Dxapi.sys
0x03116000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x03150000 \SystemRoot\System32\Drivers\USBD.SYS
0x00530000 \SystemRoot\System32\drivers\dxg.sys
0x00640000 \SystemRoot\System32\TSDDD.dll
0x00830000 \SystemRoot\System32\framebuf.dll
0x03152000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0316F000 \SystemRoot\system32\drivers\WudfPf.sys
0x03190000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x031E3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03000000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0301E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03036000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05E1D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05E6B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x76E40000 \Windows\System32\ntdll.dll
0x47740000 \Windows\System32\smss.exe
0xFF160000 \Windows\System32\apisetschema.dll
0xFF3C0000 \Windows\System32\autochk.exe
0xFF140000 \Windows\System32\nsi.dll
0xFF0A0000 \Windows\System32\msvcrt.dll
0xFF030000 \Windows\System32\gdi32.dll
0xFEF50000 \Windows\System32\advapi32.dll
0xFEED0000 \Windows\System32\difxapi.dll
0xFECF0000 \Windows\System32\setupapi.dll
0xFEC70000 \Windows\System32\shlwapi.dll
0xFEBD0000 \Windows\System32\comdlg32.dll
0x77010000 \Windows\System32\psapi.dll
0xFEB00000 \Windows\System32\usp10.dll
0xFEAD0000 \Windows\System32\imm32.dll
0xFE9A0000 \Windows\System32\rpcrt4.dll
0xFE8C0000 \Windows\System32\oleaut32.dll
0xFDB30000 \Windows\System32\shell32.dll
0x76CF0000 \Windows\System32\urlmon.dll
0xFD920000 \Windows\System32\ole32.dll
0xFD900000 \Windows\System32\sechost.dll
0xFD8A0000 \Windows\System32\Wldap32.dll
0xFD890000 \Windows\System32\lpk.dll
0x76BD0000 \Windows\System32\kernel32.dll
0xFD780000 \Windows\System32\msctf.dll
0x76AD0000 \Windows\System32\user32.dll
0xFD730000 \Windows\System32\ws2_32.dll
0xFD710000 \Windows\System32\imagehlp.dll
0x768C0000 \Windows\System32\iertutil.dll
0x77000000 \Windows\System32\normaliz.dll
0x76760000 \Windows\System32\wininet.dll
0xFD670000 \Windows\System32\clbcatq.dll
0xFD500000 \Windows\System32\crypt32.dll
0xFD460000 \Windows\System32\comctl32.dll
0xFD440000 \Windows\System32\devobj.dll
0xFD400000 \Windows\System32\wintrust.dll
0xFD3C0000 \Windows\System32\cfgmgr32.dll
0xFD350000 \Windows\System32\KernelBase.dll
0xFD340000 \Windows\System32\msasn1.dll

Processes (total 28):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
372 csrss.exe
420 C:\Windows\System32\wininit.exe
428 csrss.exe
488 C:\Windows\System32\services.exe
496 C:\Windows\System32\lsass.exe
504 C:\Windows\System32\lsm.exe
544 C:\Windows\System32\winlogon.exe
632 C:\Windows\System32\svchost.exe
708 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1136 C:\Windows\explorer.exe
1360 C:\Windows\System32\ctfmon.exe
1864 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1888 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1736 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1900 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1992 C:\Windows\System32\svchost.exe
1920 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1700 C:\Users\Holly\Desktop\MBRCheck.exe
1264 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`b4400000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3265GSX, Rev: GJ003D

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Good Morning,

There are threats going around now that are infecting your Master Boot Record and your MBRCheck log looks fine.


Are both browsers still being redirected and if so, where to?


Try this other rootkit scanner

  • Please choose one link and download Rootkit Unhooker and save it to your desktop.
    Link 1
    Link 2
    Link 3
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"







Then drag Combofix to the trash and redownload a fresh updated copy, run it and post the log please



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Firefox redirect to:
63.209.69.107/search/web/Holly%20Corley/a21/empireppc-440-direc40/v5

When I searched my wife's name it was for a LinkedIn link, but went to the above instead.

Explorer is doing similar
gimmeanswers.org/search/v_q17/results.php?search=Holly%20Corley&aff=empireppc-440-direc40

is where it sends me.

I'll run the other programs after church today.

-scott
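
The two redirect targets reported in the post above sit on different hosts but carry the same affiliate tag, once as a path segment and once as the `aff` query value. As an added example (not part of the original thread and not from any of the tools it mentions), the Python below derives that shared tag as a host-independent indicator and matches it against a proxy log. The search term is replaced by a constructed placeholder; the log lines, the log format, the host `redirect.example.net` and the minimum token length of 8 are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# The two redirect targets reported in the post. The search term is replaced
# by a constructed placeholder; the rest of each URL is as posted.
OBSERVED_REDIRECTS = [
    "63.209.69.107/search/web/example%20query/a21/empireppc-440-direc40/v5",
    "gimmeanswers.org/search/v_q17/results.php"
    "?search=example%20query&aff=empireppc-440-direc40",
]
SEARCH_TERM = "example query"

# Constructed proxy log. Assumed format: timestamp client method url.
PROXY_LOG = """\
2012-01-15T14:02:11 10.0.0.23 GET http://www.google.com/search?q=example+query
2012-01-15T14:02:14 10.0.0.23 GET http://63.209.69.107/search/web/example%20query/a21/empireppc-440-direc40/v5
2012-01-15T14:05:40 10.0.0.23 GET http://redirect.example.net/r.php?q=shoes&aff=empireppc-440-direc40
2012-01-15T14:06:02 10.0.0.31 GET http://www.linkedin.com/pub/dir/Example/Query
2012-01-15T14:07:19 10.0.0.31 GET http://news.example.org/search/results.php?search=weather
"""


def url_tokens(url):
    """Return (host, set of decoded path segments and query values)."""
    if "://" not in url:
        # The post quotes the URLs without a scheme; add one so the host
        # is parsed as a host and not as the first path segment.
        url = "http://" + url
    parts = urlsplit(url)
    tokens = {unquote(seg).lower() for seg in parts.path.split("/") if seg}
    tokens |= {value.lower() for _, value in parse_qsl(parts.query)}
    return parts.hostname or "", tokens


def shared_indicators(urls, search_term, min_len=8):
    """Tokens present in every observed URL, minus the user's own search
    term and short generic words such as 'search' (min_len is a heuristic)."""
    token_sets = [url_tokens(u)[1] for u in urls]
    common = set.intersection(*token_sets)
    common.discard(search_term.lower())
    return {t for t in common if len(t) >= min_len}


def flag_requests(log_text, indicators):
    """Return (timestamp, client, host, token) for each log line whose URL
    carries an indicator in its path or query, whatever the host is."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue  # skip malformed lines
        timestamp, client, _method, url = fields
        host, tokens = url_tokens(url)
        matched = sorted(tokens & indicators)
        if matched:
            hits.append((timestamp, client, host, matched[0]))
    return hits


if __name__ == "__main__":
    indicators = shared_indicators(OBSERVED_REDIRECTS, SEARCH_TERM)
    print("indicators:", sorted(indicators))
    for hit in flag_requests(PROXY_LOG, indicators):
        print("flagged:", *hit)
```

Matching on the tag rather than on the host or IP address means the third log line is flagged even though its host appears in neither reported URL.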
 
I'm still running in safe mode. Should I do this in that manner or switch to normal windows?

I have stayed in safe mode since you asked me to a couple of posts ago.
 
Error running rootkit unhooker

Rootkit unhooker won't run

here is the error log it generated

Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF

I'll now try to run in Safe mode and see what happens
 
unhook won't work in safemode either

won't work in safe mode either.

Should I still run combofix? I'll wait further instructions.

Thanks for your efforts, Ken.

-Scott
 
combofix.txt

ComboFix 12-01-16.04 - Holly 01/16/2012 19:39:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2547 [GMT -5:00]
Running from: c:\users\Holly\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 01:13 . 2012-01-17 01:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F54C6AC-72CB-4466-A742-69A90267151B}\offreg.dll
2012-01-17 01:08 . 2012-01-17 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-15 22:45 . 2012-01-15 22:56 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-01-15 03:00 . 2012-01-15 03:00 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-15 03:00 . 2012-01-15 03:00 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-15 03:00 . 2012-01-15 03:00 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-15 03:00 . 2012-01-15 03:00 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-14 03:28 . 2012-01-14 03:28 -------- d-----w- c:\program files (x86)\ESET
2012-01-13 19:38 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F54C6AC-72CB-4466-A742-69A90267151B}\mpengine.dll
2012-01-13 01:02 . 2012-01-13 01:02 -------- d-----w- C:\_OTL
2012-01-11 23:36 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 23:36 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 23:36 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 23:36 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 23:36 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 23:36 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 23:36 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 23:36 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 04:13 . 2012-01-11 04:13 -------- d-----w- c:\program files (x86)\ERUNT
2012-01-07 00:26 . 2012-01-11 04:34 -------- d-----w- c:\users\Holly\AppData\Local\Diagnostics
2012-01-05 01:46 . 2012-01-05 02:10 -------- d-----w- c:\programdata\PC Tools
2012-01-02 21:12 . 2012-01-02 21:12 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\users\Holly\AppData\Local\adaware
2012-01-02 21:05 . 2012-01-11 04:25 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\adawaretb
2012-01-02 21:05 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\programdata\Lavasoft
2012-01-02 21:05 . 2012-01-02 21:05 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-31 01:34 . 2011-12-31 01:29 684297 ----a-w- C:\unhide.exe
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\users\Holly\AppData\Roaming\Malwarebytes
2011-12-31 01:28 . 2011-12-31 01:28 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 01:28 . 2012-01-12 01:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 23:09 . 2010-09-14 02:12 363520 ----a-w- C:\scott kill.com
2011-12-30 23:08 . 2010-09-14 02:12 363520 ----a-w- C:\rkill.com
2011-12-27 02:58 . 2012-01-17 01:12 -------- d-----r- c:\users\Holly\Dropbox
2011-12-27 02:56 . 2012-01-17 01:12 -------- d-----w- c:\users\Holly\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-14 00:05 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 23:07 . 2011-05-28 01:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-14 00:05 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 00:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 20:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 20:17 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 20:17 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 20:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 20:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 20:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 20:17 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 20:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 00:05 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_00.21.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-12 00:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 00:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 00:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 00:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-28 11:50 . 2012-01-17 01:13 33944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-17 01:13 38808 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-01-13 01:08 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-12 08:11 . 2012-01-12 08:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2011-05-27 23:16 . 2012-01-17 01:13 9736 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3384869757-1886810002-3943362877-1001_UserData.bin
+ 2012-01-17 01:11 . 2012-01-17 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 00:19 . 2012-01-12 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 00:19 . 2012-01-12 00:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-17 01:11 . 2012-01-17 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 20:20 . 2012-01-14 16:52 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-06-30 20:20 . 2012-01-12 00:19 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-05-29 00:03 . 2012-01-14 16:19 232858 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-01-12 00:18 244568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-17 01:10 244568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-01 16:46 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-11 23:36 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
- 2009-07-14 04:45 . 2012-01-11 23:30 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-12 08:20 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-27 23:13 . 2012-01-17 01:10 2657632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3384869757-1886810002-3943362877-1001-8192.dat
+ 2012-01-12 08:11 . 2012-01-12 08:11 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-12 08:11 . 2012-01-12 08:11 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-12 08:10 . 2012-01-12 08:10 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2011-09-11 13:22 . 2012-01-12 08:01 54008112 c:\windows\system32\MRT.exe
+ 2012-01-12 08:10 . 2012-01-12 08:10 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Holly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Holly\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-27 110592]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
R0 BlackBox;BlackBox SR2; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-01-02 17152]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 22:59]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 22:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Holly\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\7b5zwuw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-01-16 20:32:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 01:32
ComboFix2.txt 2012-01-12 00:42
.
Pre-Run: 264,804,761,600 bytes free
Post-Run: 264,548,384,768 bytes free
.
- - End Of File - - 3EE1782161C743A904DA2F8C9D1AAA63
 
I am not seeing any of that in your log.

Open IE and go to Tools > Manage Add Ons > Search Providers and see if gimmeanswers is in there and if so delete it.



Open FF and go to Tools> Add Ons > Extensions and do the same thing.


Please download SuperAntiSpyware Free
Install the program
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply
 
scan log

Neither IE nor FF had anything like gimmeranswers in the add-ons.

Here is the SuperAntiSpyware log, posted in 2 parts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/16/2012 at 11:16 PM

Application Version : 5.0.1142

Core Rules Database Version : 8134
Trace Rules Database Version: 5946

Scan type : Complete Scan
Total Scan Time : 00:41:46

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 70004
Registry threats detected : 0
File items scanned : 46979
File threats detected : 713

Adware.Tracking Cookie
 