
Confused!


nettie209


Did a HiJack scan today and now I'm lost with what to do or even where to post this .... in short CAN SOMEONE PLEASE HELP ME READ THIS and let me know if I'm posting it in the right place.... Thanks Happy Holidays, nettie209 :!: N E ways here is my scan :

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 14:19:11, on 2010-12-20

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Stardock\MyColors\VistaSrv.exe

C:\Program Files\Stardock\MyColors\WBVista.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\FreezeScreenSaver.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciServiceHost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

C:\Program Files\The Weather Channel FW\Screensaver\TWCScreensaverUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Mesh\WLSync.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

C:\Users\Owner\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe

C:\Program Files\Windows Live\Mesh\MOE.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

 

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TMZ Toolbar Loader - {9391af7a-7e55-4787-9538-4849787a052e} - C:\Program Files\TMZ Toolbar\tmztb.dll

O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O3 - Toolbar: TMZ Toolbar - {57bd111f-adfe-4659-948a-94817376583f} - C:\Program Files\TMZ Toolbar\tmztb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll

O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ObjectDock.exe] C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -

O9 - Extra button: Desktop Notes - {035E680E-B668-472F-91F3-E850BCC5051F} - C:\Program Files\Crawler\Notes\CNotes.exe

O9 - Extra button: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Crawler\Notes\CNotes.exe

O9 - Extra button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\Program Files\Crawler\Notes\CNotes.exe

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Crawler\Notes\CNotes.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Crawler\Notes\CNotes.exe

O9 - Extra button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\Program Files\Crawler\Notes\CNotes.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Crawler\Notes\CNotes.exe

O9 - Extra button: Crawler Weather - {B1CF6225-211E-4B4C-B466-5F224E348FF3} - C:\Program Files\Crawler\Weather\CWeather.exe

O9 - Extra button: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Crawler\Weather\CWeather.exe

O9 - Extra button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe

O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}Microsoft.wlsc.WrapperAX.2 - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe

O23 - Service: FreezeScreenSaver (FreezeScreenSaver) - Unknown - C:\Windows\system32\FreezeScreenSaver.exe

O23 - Service: GameConsoleService (GameConsoleService) - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Google Update Service (gupdate1c997c4a9dc4529) (gupdate1c997c4a9dc4529) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McciCMService (McciCMService) - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McciServiceHost (McciServiceHost) - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: ServiceLayer (ServiceLayer) - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StumbleUponUpdateService (StumbleUponUpdateService) - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

Please uninstall Crawler from your computer. It is adware.

Also, it would help if you tell me what problems you are having with your computer.

 

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining

  Please leave the others unchecked

  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


  • 2 weeks later...

Not Confused Anymore

 

Hi Superdave:

 

Well I finally got around to running the 3 fixes you suggested. :oops: The holiday had me running 10 different ways so that is why I am only now responding to your reply. N E Way... I installed the SuperAntispyware and ran a full scan & here is the log from that:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/04/2011 at 04:10 AM

 

Application Version : 4.47.1000

 

Core Rules Database Version : 6124

Trace Rules Database Version: 3936

 

Scan type : Complete Scan

Total Scan Time : 06:01:18

 

Memory items scanned : 889

Memory threats detected : 0

Registry items scanned : 10814

Registry threats detected : 0

File items scanned : 434895

File threats detected : 280

 

Adware.Tracking Cookie


.app.insightgrit.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.revsci.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.collective-media.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.media6degrees.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.media6degrees.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.specificclick.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.specificclick.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.specificclick.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.specificclick.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ads.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.http://www.burstnet.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.imrworldwide.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.adbrite.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.adbrite.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ads.bridgetrack.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ads.bridgetrack.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ads.bridgetrack.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ads.bridgetrack.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.adbrite.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.adbrite.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.adbrite.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ads.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ads.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ads.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ads.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ads.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ads.pointroll.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.popcapgames.122.2o7.net [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.bs.serving-sys.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.serving-sys.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.counttonine.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.counttonine.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.counttonine.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

http://www.counttonine.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.interclick.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.interclick.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.a1.interclick.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.a1.interclick.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.a1.interclick.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.a1.interclick.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.a1.interclick.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.a1.interclick.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.counttonine.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.tacoda.at.atwola.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.tacoda.at.atwola.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.tacoda.at.atwola.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.tacoda.at.atwola.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.atwola.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.advertising.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.at.atwola.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.at.atwola.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.content.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ru4.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ru4.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.ru4.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.invitemedia.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

.lfstmedia.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

ad.yieldmanager.com [ C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

a.ads2.msads.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

ads2.msads.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

b.ads2.msads.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

broadcast.piximedia.fr [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

cdn.insights.gravity.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

cdn.media.theview.tv [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

cdn4.specificclick.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

cdn5.specificclick.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

convoad.technoratimedia.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

convoad.technoratimedia.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

core.insightexpressai.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

games.mochimedia.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

hs.interpolls.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

ia.media-imdb.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

imagec05.247realmedia.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

interclick.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

m1.2mdn.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

macromedia.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.blip.fm [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.doctoroz.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.ign.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.mtvnservices.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.mtvu.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.nbcbayarea.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.scanscout.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.snagajob.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media.socialvibe.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media01.kyte.tv [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media1.break.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

media1.clubpenguin.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

mediaforgews.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

mediastore.verizonwireless.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

msnbcmedia.msn.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

msntest.serving-sys.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

objects.tremormedia.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

rmd.atdmt.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

s0.2mdn.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

secure-us.imrworldwide.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

serving-sys.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

static.2mdn.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

udn.specificclick.net [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

yo.static.presidiomedia.com [ C:\Users\Owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SDBQ5A7L ]

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@ad.wsod[2].txt

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@microsoftwindows.112.2o7[1].txt

 

Adware.MyWebSearch/FunWebProducts

C:\$RECYCLE.BIN\S-1-5-21-3917738136-2676680180-1288316716-1000\$RML8PL5.PART

 

BearShare File Sharing Client

C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

 

After running the scan I did remove all threats that were found.

 

I also already had Malwarebytes' Anti-Malware installed, so I ran a full scan as well. Here is the result log (no issues):

 

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5461

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

 

1/4/2011 10:24:36 PM

mbam-log-2011-01-04 (22-24-36).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 627669

Time elapsed: 4 hour(s), 30 minute(s), 50 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

 

Last but not least the Security Check results:

 

 

 

Results of screen317's Security Check version 0.99.8

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

Microsoft Security Essentials successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 23

Java SE Runtime Environment 6 Update 1

Adobe Flash Player 10.1.102.64

Adobe Reader X

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

``````````End of Log````````````

 

 

 

Before I posted my ("Confused") post, I was experiencing problems with my browsers; they were not responding at all. That was what prompted me to run a scan in the first place, but somewhere in between doing research on the internet and asking for help I figured out what was wrong with my browsers. It was Avant Internet Security preventing my browsers from opening. I read a post that that's what it might be and sure enough, as soon as I uninstalled Avast, "magic", problem solved!!!!!!! :wink: So basically that was the extent of my issues and I don't think I need any more help at the moment, unless, of course, you find something wrong with the scan info that I sent you. But everything looks good as far as I can see... Thank you for your prompt response and suggestions, I truly appreciate it....

 

 

nettie209


The scans did remove a lot of junk but nothing serious. I would like to run a few more scans to see if there is anything left on your computer.

 

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Click Start, then copy and paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Part 1 of ComboFix Scan

 

Part 1 of scan

 

ComboFix 11-01-07.01 - Owner 01/08/2011 1:51.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.1094 [GMT -8:00]

Running from: c:\users\Owner\Desktop\commy.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\facemoods.com

c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.crx

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.png

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsApp.dll

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsEng.dll

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll

c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe

c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

c:\program files\RegGenie

c:\program files\RegGenie\Backups\40214.671175463

c:\program files\RegGenie\RegGenie.ini

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o5j1ekxn.default\searchplugins\SearchquWebSearch.xml

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o5j1ekxn.default\searchqutb

c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o5j1ekxn.default\searchqutb\preferences.dat

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\MailSwitch.ocx

c:\windows\system32\AutoRun.inf

c:\windows\system32\Install.txt

c:\windows\system32\service

c:\windows\system32\tmp.reg

D:\Autorun.inf

 

----- BITS: Possible infected sites -----

 

hxxp://update.flock.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_FreezeScreenSaver

 

 

((((((((((((((((((((((((( Files Created from 2010-12-08 to 2011-01-08 )))))))))))))))))))))))))))))))

.

 

2011-01-08 10:05 . 2011-01-08 10:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-01-08 10:05 . 2011-01-08 10:05 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-01-08 10:05 . 2011-01-08 10:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-07 22:59 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8084D59E-4605-47CD-ACDA-DA4E56C5CA40}\mpengine.dll

2011-01-07 09:25 . 2011-01-07 09:25 -------- d-----w- c:\program files\Zynga

2011-01-07 08:32 . 2011-01-07 08:32 -------- d-----w- c:\users\Owner\AppData\Local\AOL Toolbar

2011-01-04 05:37 . 2011-01-04 05:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-03 02:26 . 2011-01-03 02:26 18068992 ----a-w- c:\windows\system32\imageres.dll

2010-12-31 05:37 . 2010-12-31 05:37 -------- d-----w- c:\program files\AOL Toolbar

2010-12-31 05:37 . 2010-12-31 05:37 -------- d-----w- c:\programdata\AOL Toolbar

2010-12-31 05:37 . 2010-12-31 05:37 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-12-31 05:35 . 2010-12-31 05:39 -------- d-----w- c:\program files\AOL Desktop 9.6

2010-12-26 09:27 . 2010-12-26 09:27 -------- d-----w- c:\users\Owner\AppData\Local\Wild Tangent

2010-12-26 09:24 . 2010-12-26 09:24 -------- d-----w- c:\program files\WildGames

2010-12-26 09:13 . 2010-12-26 09:14 -------- d-----w- c:\program files\WildTangent Games

2010-12-22 03:09 . 2010-12-29 09:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Philips-Songbird

2010-12-22 03:09 . 2010-12-22 03:09 -------- d-----w- c:\users\Owner\AppData\Local\Philips-Songbird

2010-12-20 23:06 . 2010-12-20 23:06 -------- d-----w- c:\program files\WOT

2010-12-20 11:12 . 2010-12-20 11:12 -------- d-----w- c:\program files\iPod

2010-12-20 11:12 . 2011-01-08 03:39 -------- d-----w- c:\program files\iTunes

2010-12-20 09:17 . 2010-12-20 09:17 -------- d-----w- c:\users\Owner\AppData\Local\Seesu

2010-12-20 02:58 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-12-20 02:27 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-12-20 02:25 . 2010-11-02 05:01 385024 ----a-w- c:\windows\system32\html.iec

2010-12-20 02:25 . 2010-11-02 05:57 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-12-20 02:25 . 2010-11-02 05:57 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2010-12-20 02:25 . 2010-11-02 04:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-12-20 02:25 . 2010-11-02 05:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 02:25 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2010-12-20 02:23 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll

2010-12-20 02:23 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll

2010-12-20 02:23 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll

2010-12-20 02:23 . 2009-03-08 11:31 34816 ----a-w- c:\windows\system32\imgutil.dll

2010-12-20 02:23 . 2009-03-08 11:30 66560 ----a-w- c:\windows\system32\tdc.ocx

2010-12-20 02:23 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll

2010-12-19 23:55 . 2010-12-19 23:57 -------- d-----w- c:\users\Owner\G-Force

2010-12-19 08:39 . 2009-07-27 15:00 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-12-18 07:15 . 2010-12-18 07:15 -------- d-----w- C:\$WINDOWS.~LS

2010-12-18 06:43 . 2010-12-18 08:49 -------- d-----w- C:\$UPGRADE.~OS

2010-12-18 06:39 . 2010-12-18 06:39 -------- d-----w- C:\$WINDOWS.~BT

2010-12-17 09:24 . 2010-12-17 09:29 -------- d-----w- c:\users\Owner\Video2

2010-12-17 09:24 . 2010-12-17 09:24 -------- d-----w- c:\users\Owner\RealPlayer Downloads

2010-12-15 05:38 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe

2010-12-15 05:38 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe

2010-12-15 05:37 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll

2010-12-15 05:37 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys

2010-12-15 05:37 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll

2010-12-15 05:37 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll

2010-12-15 05:37 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-12-15 05:37 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe

2010-12-15 05:37 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll

2010-12-15 05:37 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

2010-12-15 05:37 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-12-15 05:37 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll

2010-12-15 05:37 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-12-15 05:36 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-15 05:36 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2010-12-13 09:29 . 2010-12-03 19:35 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe

2010-12-13 09:29 . 2010-12-03 19:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll

2010-12-13 09:29 . 2010-12-03 19:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll

2010-12-12 10:48 . 2010-12-12 10:49 -------- d-----w- c:\program files\G-Force

2010-12-12 08:57 . 2010-12-12 08:57 -------- d-----w- c:\program files\WhiteCap

2010-12-12 06:46 . 2010-12-12 06:46 -------- d-----w- c:\program files\AVSociety

2010-12-11 08:07 . 2010-12-11 08:07 -------- d-----w- c:\program files\Winamp Detect

2010-12-11 08:06 . 2011-01-01 09:57 -------- d-----w- c:\users\Owner\AppData\Roaming\Winamp

2010-12-11 08:06 . 2010-12-12 10:57 -------- d-----w- c:\program files\Winamp

2010-12-09 10:47 . 2010-12-09 10:47 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-21 02:09 . 2008-09-07 23:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 02:08 . 2008-09-07 23:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-14 08:43 . 2007-04-17 20:52 58696 ----a-w- c:\windows\system32\AOLParconLink.exe

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-30 19:24 . 2010-11-30 19:24 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-30 19:24 . 2010-11-30 19:24 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-13 02:53 . 2010-08-09 06:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-10 10:09 . 2010-11-10 10:09 88 ----a-w- c:\users\Owner\AppData\Local\GLF921B.tmp

2010-11-10 04:33 . 2010-08-19 08:17 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-11-02 05:53 . 2010-11-02 05:53 194 ----a-w- c:\users\Owner\AppData\Local\GLFF9E1.tmp

2010-11-02 05:52 . 2010-11-02 05:51 216 ----a-w- c:\users\Owner\AppData\Local\GLFAAD4.tmp

2010-10-19 20:51 . 2009-10-02 23:33 222080 ------w- c:\windows\system32\MpSigStub.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 19:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

2010-12-01 19:27 2735200 ----a-w- c:\program files\Zynga\tbZyng.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

2010-10-18 19:26 3908192 ----a-w- c:\program files\PageRage\tbPage.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

2010-09-12 23:02 3863136 ----a-w- c:\program files\IncrediMail_MediaBar_2\tbIncr.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2010-10-14 17:56 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPage.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

 

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

 

[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

 

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\tbPage.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]

"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyng.dll" [2010-12-01 2735200]

 

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

 

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

 

[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

 

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2010-09-23 1448800]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-05 6174008]

"ObjectDock.exe"="c:\program files\Stardock\ObjectDockFree\ObjectDock.exe" [2010-10-06 3768176]

"Flock Update"="c:\users\Owner\AppData\Local\Flock\Update\FlockUpdate.exe" [2011-01-06 136312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"HostManager"="c:\program files\Common Files\AOL\1217131525\ee\AOLSoftware.exe" [2010-03-08 41800]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-01-05 126976]


Part 2 of ComboFix Scan

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

 

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CNET TechTracker.lnk - c:\users\Owner\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2010-12-2 2621952]

OneNote Table Of Contents.onetoc2 [2008-11-25 3656]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Personal Coach.lnk]

backup=c:\windows\pss\Personal Coach.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2WireSetup.lnk]

backup=c:\windows\pss\2WireSetup.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk

backup=c:\windows\pss\AOL Desktop.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Philips Digital Audio Player - Shortcut.lnk]

backup=c:\windows\pss\Philips Digital Audio Player - Shortcut.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StarOffice 8.lnk]

backup=c:\windows\pss\StarOffice 8.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WKCALREM.LNK]

path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK

backup=c:\windows\pss\WKCALREM.LNK.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]

backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 20:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-11-10 20:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-09-22 07:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2007-09-30 00:00 122880 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorFX]

2010-03-23 14:17 417280 ----a-w- c:\program files\Stardock\CursorFX\CursorFX.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2010-04-16 19:25 818288 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2011-01-05 09:15 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-11-02 08:10 135664 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hiyo]

2010-10-28 07:40 238960 ----a-w- c:\program files\HiYo\Bin\HiYo.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\aol\1217131525\ee\aolsoftware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-06-18 21:01 166424 ----a-w- c:\windows\System32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-06-02 07:28 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-06-18 21:01 141848 ----a-w- c:\windows\System32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

2010-11-26 11:18 353736 ----a-w- c:\program files\IncrediMail\Bin\IncMail.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]

2010-07-07 15:20 1008128 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]

2008-08-04 16:51 488808 ----a-w- c:\progra~1\Magentic\bin\Magentic.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-11-05 05:04 6174008 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2010-09-23 07:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]

2010-09-15 11:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-02-01 09:12 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-06-18 21:01 133656 ----a-w- c:\windows\System32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-09-30 03:45 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-11-23 07:50 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLSync]

2010-09-23 07:19 1448800 ----a-w- c:\program files\Windows Live\Mesh\WLSync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]

2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\common\YMailAdvisor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]

2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3917738136-2676680180-1288316716-1000]

"EnableNotificationsRef"=dword:00000001

 

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c997c4a9dc4529;Google Update Service (gupdate1c997c4a9dc4529);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 133104]

R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]

R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]

R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [2010-03-25 120232]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]

S2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [2009-09-15 299008]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 494368]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

 

2011-01-08 c:\windows\Tasks\AutoSmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-10-21 01:08]

 

2011-01-08 c:\windows\Tasks\AWC Startup.job

- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-10-20 00:19]

 

2011-01-08 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-3917738136-2676680180-1288316716-1000Core.job

- c:\users\Owner\AppData\Local\Flock\Update\FlockUpdate.exe [2011-01-06 08:14]

 

2011-01-08 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-3917738136-2676680180-1288316716-1000UA.job

- c:\users\Owner\AppData\Local\Flock\Update\FlockUpdate.exe [2011-01-06 08:14]

 

2011-01-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-07 06:28]

 

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 03:44]

 

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 03:44]

 

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917738136-2676680180-1288316716-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 08:10]

 

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917738136-2676680180-1288316716-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 08:10]

 

2011-01-03 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-10-21 01:08]

 

2011-01-08 c:\windows\Tasks\User_Feed_Synchronization-{989CF579-45A9-4BD1-AFF8-5C1FC94813FF}.job

- c:\windows\system32\msfeedssync.exe [2010-12-20 04:25]

 

2011-01-08 c:\windows\Tasks\User_Feed_Synchronization-{A6E80092-6C4E-4BA1-B6B7-BF5A0D16EABD}.job

- c:\windows\system32\msfeedssync.exe [2010-12-20 04:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com

mStart Page = hxxp://www.msn.com

uInternet Settings,ProxyOverride = *.local

IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o5j1ekxn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100727231402766&tb_oid=30-09-2009&tb_mrud=22-10-2010

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com

FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60280&qkw=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Add-ons Sidebar: addonssidebar@studio17.wordpress.com - %profile%\extensions\addonssidebar@studio17.wordpress.com

FF - Ext: Better Gmail 2: bettergmail2@ginatrapani.org - %profile%\extensions\bettergmail2@ginatrapani.org

FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: FBLayouts: fblayouts@hotlayouts2u.com - %profile%\extensions\fblayouts@hotlayouts2u.com

FF - Ext: feedly: feedly@devhd - %profile%\extensions\feedly@devhd

FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com

FF - Ext: meebo: firefox@meebo.com - %profile%\extensions\firefox@meebo.com

FF - Ext: Fotofox: fotofox@mozilla.com - %profile%\extensions\fotofox@mozilla.com

FF - Ext: glowywine: glowywine-ff3-30@glowplug.bitasylum.net - %profile%\extensions\glowywine-ff3-30@glowplug.bitasylum.net

FF - Ext: Multiple Tab Handler: multipletab@piro.sakura.ne.jp - %profile%\extensions\multipletab@piro.sakura.ne.jp

FF - Ext: Nuvola: NuvolaFF@paenglab.ch - %profile%\extensions\NuvolaFF@paenglab.ch

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com

FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de

FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de

FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

FF - Ext: ANTHEM: {07b2a769-ed19-4483-87ce-c643914c9626} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}

FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}

FF - Ext: TwitterBar: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37} - %profile%\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Bloody Red: {2458abc0-f443-11dd-87af-0800200c9a66} - %profile%\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}

FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}

FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}

FF - Ext: Scribblies Plain: {558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB} - %profile%\extensions\{558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}

FF - Ext: Shop to Win: {5835466c-49af-4cbe-b102-a8c8b6313749} - %profile%\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}

FF - Ext: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - %profile%\extensions\{5b175400-2368-11de-8c30-0800200c9a66}

FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}

FF - Ext: Aeon Big: {5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A} - %profile%\extensions\{5FF97DB7-2EF7-4a7f-8E36-5214B5C5C65A}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}

FF - Ext: AOL Toolbar: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} - %profile%\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: DictionarySearch: {a0faa0a4-f1a7-4098-9a74-21efc3a92372} - %profile%\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}

FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

FF - Ext: Aeon Jumbo: {C8E400E3-44BC-4e78-8C17-8C48E74C67F4} - %profile%\extensions\{C8E400E3-44BC-4e78-8C17-8C48E74C67F4}

FF - Ext: ScheduleOnce Gmail Add-on: {CB03C4C2-AD8F-11DE-A8F9-FF7A56D89593} - %profile%\extensions\{CB03C4C2-AD8F-11DE-A8F9-FF7A56D89593}

FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

FF - Ext: Yoono: {d9284e50-81fc-11da-a72b-0800200c9a66} - %profile%\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}

FF - Ext: ScheduleOnce for Firefox: {db070652-d445-473f-bd7f-69df4a6a474d} - %profile%\extensions\{db070652-d445-473f-bd7f-69df4a6a474d}

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Pink Fox: {e7348bc0-16f6-11de-8c30-0800200c9a66} - %profile%\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}

FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Ext: 2 Pane Bookmarks: {FD61379B-066A-4afc-89DE-89FB24D907C2} - %profile%\extensions\{FD61379B-066A-4afc-89DE-89FB24D907C2}

FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}

FF - Ext: Boost for Facebook: {47624dda-b77e-4feb-820a-e4f077d5d4ca} - %profile%\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}

FF - Ext: SmallringFX DARKMagenta: {ce951a80-a291-11df-981c-0800200c9a66} - %profile%\extensions\{ce951a80-a291-11df-981c-0800200c9a66}

FF - Ext: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - %profile%\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}

FF - Ext: Purple Fox: {3ffb7be0-8bde-11de-8a39-0800200c9a66} - %profile%\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

FF - Ext: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - %profile%\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}

FF - Ext: Custom Buttons²: CustomButtons2@cbtnext.org - %profile%\extensions\CustomButtons2@cbtnext.org

FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Internet Video Downloader: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0} - c:\program files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox

FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKCU-Run-sbitunesagent - c:\program files\Philips\Philips Songbird\songbirditunesagent.exe

MSConfigStartUp-AOL Fast Start - c:\program files\AOL 9.5\AOL.EXE

MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

MSConfigStartUp-CSmileys - c:\program files\Crawler\Smileys\CSmileysIM.exe

MSConfigStartUp-DataMngr - c:\program files\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe

MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe

MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe

MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe

MSConfigStartUp-SiteRanker - c:\program files\SiteRanker\SiteRankTray.exe

MSConfigStartUp-Skytel - Skytel.exe

AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe

AddRemove-WT067419 - c:\program files\HP Games\G.H.O.S.T. Hunters

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-08 02:11

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'Explorer.exe'(3372)

c:\program files\Stardock\Fences\FencesMenu.dll

c:\program files\Stardock\ObjectDockFree\ODMenu.dll

c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll

c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll

c:\program files\stardock\fences\DesktopDock.dll

c:\windows\system32\wpdshext.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Stardock\MyColors\VistaSrv.exe

c:\program files\Stardock\MyColors\WBVista.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\WUDFHost.exe

c:\program files\The Weather Channel FW\Screensaver\TWCScreensaverUpdater.exe

c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-01-08 02:21:15 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-08 10:20

 

Pre-Run: 181,533,290,496 bytes free

Post-Run: 181,651,423,232 bytes free

 

- - End Of File - - 55F8962D1E3AB586B463D36459FD462E


Part 3 ComboFix Quarantine-files Text

 

2011-01-08 10:19:57 . 2011-01-08 10:19:57 2,292 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-WT067419.reg.dat

2011-01-08 10:19:57 . 2011-01-08 10:19:57 604 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-facemoods.reg.dat

2011-01-08 10:19:17 . 2011-01-08 10:19:17 798 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Skytel.reg.dat

2011-01-08 10:19:17 . 2011-01-08 10:19:17 896 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SiteRanker.reg.dat

2011-01-08 10:19:17 . 2011-01-08 10:19:17 810 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-RtHDVCpl.reg.dat

2011-01-08 10:19:16 . 2011-01-08 10:19:16 938 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MSN Toolbar.reg.dat

2011-01-08 10:19:16 . 2011-01-08 10:19:16 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Microsoft Default Manager.reg.dat

2011-01-08 10:19:16 . 2011-01-08 10:19:16 926 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ISW.reg.dat

2011-01-08 10:19:15 . 2011-01-08 10:19:15 998 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Google Desktop Search.reg.dat

2011-01-08 10:19:15 . 2011-01-08 10:19:15 952 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-facemoods.reg.dat

2011-01-08 10:19:15 . 2011-01-08 10:19:15 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DataMngr.reg.dat

2011-01-08 10:19:15 . 2011-01-08 10:19:15 896 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-CSmileys.reg.dat

2011-01-08 10:19:15 . 2011-01-08 10:19:15 926 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Bing Bar.reg.dat

2011-01-08 10:19:15 . 2011-01-08 10:19:15 894 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AOL Fast Start.reg.dat

2011-01-08 10:18:55 . 2011-01-08 10:18:55 168 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-sbitunesagent.reg.dat

2011-01-08 10:18:53 . 2011-01-08 10:18:53 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat

2011-01-08 10:18:50 . 2011-01-08 10:18:50 1,973 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}.reg.dat

2011-01-08 10:18:49 . 2011-01-08 10:18:49 377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat

2011-01-08 10:18:47 . 2011-01-08 10:18:47 380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat

2011-01-08 10:18:46 . 2011-01-08 10:18:46 969 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{64182481-4F71-486b-A045-B233BD0DA8FC}.reg.dat

2011-01-08 10:10:43 . 2004-04-30 09:01:00 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir

2011-01-08 10:02:52 . 2011-01-08 10:02:52 1,218 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_FreezeScreenSaver.reg.dat

2011-01-08 10:02:17 . 2011-01-08 10:02:17 8,383 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-01-08 09:45:00 . 2011-01-08 09:51:11 62 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-12-21 11:25:42 . 2010-12-21 11:25:42 393 ----a-w- C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o5j1ekxn.default\searchqutb\preferences.dat.vir

2010-11-02 05:53:28 . 2010-04-12 21:01:50 5,495 ----a-w- C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o5j1ekxn.default\searchplugins\SearchquWebSearch.xml.vir

2010-11-02 05:53:27 . 2010-04-12 21:01:50 5,495 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml.vir

2010-10-22 08:38:18 . 2010-10-22 08:38:19 137,945 ----a-w- C:\Qoobox\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.1\uninstall.exe.vir

2010-10-10 14:46:56 . 2010-10-10 14:46:56 2,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.1\facemoods.png.vir

2010-10-07 08:41:50 . 2010-10-07 08:41:50 364,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsApp.dll.vir

2010-10-07 08:41:50 . 2010-10-07 08:41:50 262,144 ----a-w- C:\Qoobox\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll.vir

2010-10-07 08:41:48 . 2010-10-07 08:41:48 458,752 ----a-w- C:\Qoobox\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsEng.dll.vir

2010-10-07 08:41:48 . 2010-10-07 08:41:48 323,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe.vir

2010-10-07 08:41:48 . 2010-10-07 08:41:48 217,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll.vir

2010-09-07 09:28:26 . 2010-09-07 09:28:26 31,228 ----a-w- C:\Qoobox\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.1\facemoods.crx.vir

2010-02-24 05:12:04 . 2006-04-26 23:45:26 430 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Install.txt.vir

2010-02-06 00:06:29 . 2010-02-06 00:06:29 22 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RegGenie\Backups\40214.671175463.vir

2010-02-05 23:56:19 . 2010-02-06 00:06:30 94 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RegGenie\RegGenie.ini.vir

2009-03-04 15:44:34 . 2009-03-04 15:44:34 1,308,520 ----a-w- C:\Qoobox\Quarantine\C\Windows\MailSwitch.ocx.vir

2008-09-08 00:35:25 . 2009-02-08 05:58:23 4,074 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\tmp.reg.vir

2007-09-20 01:14:40 . 2007-09-20 01:14:40 506,686 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\autorun.inf.vir

2007-04-24 20:11:14 . 2007-04-24 20:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf.vir

2006-11-02 13:04:06 . 2011-01-08 05:59:54 4,194,304 ----atw- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir

2006-11-02 13:04:06 . 2011-01-08 05:59:54 4,194,304 ----atw- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir


Please read here for more information about WildTangent. Your choice if you want to remove it or not.

 

If you choose to follow my advice, please follow these instructions.

 

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

 

WildTangent Web Driver or anything related to WildTangent or WildGames.

*******************************************************************

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


ESET Scan Results

 

Dear Superdave:

 

I appreciate your input on WildTangent, and yes, I did uninstall any and all programs that were affiliated with "WT". After which I ran the scan that you suggested and NO infections were found. Needless to say, I was very happy. I think my system is finally pretty clean... Is there anything else you recommend I do :?: Thanks again :!:

 

nettie209 8-)


That sounds good. Let's do some cleanup.

 

Download OTL to your desktop.

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

**************************************************

To set a new Restore Point.

 

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.

Click the Start button, click Control Panel, click System and Maintenance, and then click System.

In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.

This will give you a new, clean Restore Point.

***********************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

*********************************************

Use the Secunia Software Inspector to check for out of date software.

 

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Reply to Cleanup

 

Hi Superdave;-)

 

I did the OTL and replaced my Windows Firewall with Online Armor Firewall. I was already using WOT on the 3 browsers that it provides service for. I'm also now using the Spyware Blaster. I think now that me and my computer are truly GOOD 2 GO :!: 8-) I sooooo appreciate all of your professional input and guidance with my issues on my system. It's so nice to work with someone who made my tasks easy with specific instructions. I'm by far a computer pro but not dumb either. N E Wayz, what I'm trying to say is you made things easy to understand, and I appreciate all you've done! Thanks again 8-) Oh, one more thing I'm sure you'll be able to help me with: could you tell me what would keep my Windows Defender from starting :?: Every time I've tried to start it I get an error 0x800106ba. Would you know what that means, and can you give me a lead on what to do to resolve this :?: Appreciate any feedback. Thanks again for all your help,

 

nettie209


Archived

This topic is now archived and is closed to further replies.
