Computer Hope
Software => Computer viruses and spyware => Topic started by: MP1975 on August 25, 2012, 07:00:49 PM
-
Hi all hope all is well,
Receive the same error the last few times I've run malewarebytes ;
Trojan.Ransom - registry value - hkcu\software\microsoft\windowsnt\currentversion\windowsload - windows load
How do I get rid of it for good before it starts affecting my computer.
Thanks in advance,
MP.
-
welcome to computer hope, when you post a question it is better if we know what kind of o/s you have, ram, any other system info so we know what you are using and how also what kind of virus protection. Sounds pretty simple but need to know a little more before I make any recommendations.................getting there
-
Sorry you are correct.
Been here many many years lol . I have a HP Pavilion running windows xp. I use all freeware as prescribed by , this place lol, malewarebytes, avg and super anti spyware.
Thanks in advance,
MP
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Super Dave ,
Thanks much for the help. Here are the results of 317 ;
Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
Java(TM) 6 Update 23
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````[/u]
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]
Here are the results of Malwarebytes ;
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.30.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MP :: MP-PC [administrator]
8/30/2012 11:49:55 AM
mbam-log-2012-08-30 (11-49-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203550
Time elapsed: 3 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\MP\LOCALS~1\Temp\ooplqbqkrzhea.com -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Here are the results of SAS ;
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/30/2012 at 12:06 PM
Application Version : 5.0.1146
Core Rules Database Version : 9151
Trace Rules Database Version: 6963
Scan type : Quick Scan
Total Scan Time : 00:10:42
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 565
Memory threats detected : 0
Registry items scanned : 54931
Registry threats detected : 0
File items scanned : 11589
File threats detected : 188
Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
www.werevenueu.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ads2.888media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.aim4media.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.t.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
www.werevenueu.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
rdtracker.bidsystem.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
matcher.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.t.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.t.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
hpi.rotator.hadj7.adjuggler.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
hpi.rotator.hadj7.adjuggler.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.rotator.hadj7.adjuggler.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
hpi.rotator.hadj7.adjuggler.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.televisionfanatic.dl.mywebsearch.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.mywebsearch.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
adserv6.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
adserv6.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.googleads.g.doubleclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
sales.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
mediaservices-d.openxenterprise.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
Thanks again for the help,
MP.
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
Super Dave ,
I updated Java as directed and here are the results of combofix ;
ComboFix 12-08-30.05 - MP 08/30/2012 22:31:15.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8095.6148 [GMT -4:00]
Running from: c:\users\MP\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\programdata\ntuser.dat
c:\users\MP\AppData\Roaming\.#
c:\users\Public\videos\HP MediaSmart Demo.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 02:38 . 2012-08-31 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-31 02:24 . 2012-08-31 02:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-31 02:24 . 2012-08-31 02:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-31 02:24 . 2012-08-31 02:24 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 02:23 . 2012-08-31 02:23 -------- d-----w- c:\programdata\McAfee
2012-08-30 08:34 . 2012-08-30 08:34 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-19 21:30 . 2012-08-19 21:30 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-08-19 21:30 . 2012-08-19 21:30 -------- d-----w- c:\users\MP\AppData\Local\SlimWare Utilities Inc
2012-08-15 07:02 . 2012-06-29 04:55 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-15 07:02 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 02:24 . 2010-04-25 19:47 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 16:40 . 2012-03-31 21:55 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 16:40 . 2011-05-14 11:13 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 07:00 . 2009-10-22 19:19 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2009-10-22 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 05:43 . 2012-07-11 05:56 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 05:56 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:56 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:56 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:56 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:56 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:56 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 08:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 09:17 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 09:17 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 09:17 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 08:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 09:17 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 08:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 08:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 08:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 05:56 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:56 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 05:56 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 05:56 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:56 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:56 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:56 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:56 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [2006-08-11 15992]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 iscFlash;iscFlash;c:\swsetup\sp46590\iscflashx64.sys [2009-08-26 23344]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2009-01-29 29696]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-08-19 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2006-07-21 122776]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-07-24 52664]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2006-08-11 39288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [2006-08-18 44152]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [2006-08-18 41976]
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [2006-08-18 10360]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [2006-08-18 141432]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [2006-08-18 33656]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [2006-08-18 18040]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [2006-08-18 143096]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [2006-08-18 136952]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2006-08-11 63608]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-21 139264]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:40]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145774003-3066190270-2427905049-1001Core.job
- c:\users\MP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 15:51]
.
2012-08-30 c:\windows\Tasks\HPCeeScheduleForMP.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c699e97&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{060a0a36-13dc-407d-b055-5a9accd8e083} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{060A0A36-13DC-407D-B055-5A9ACCD8E083} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
AddRemove-SmartDraw VP - c:\smartd~1\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\02\13\02\04$?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2012-08-30 22:46:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 02:46
.
Pre-Run: 103,854,456,832 bytes free
Post-Run: 103,638,806,528 bytes free
.
- - End Of File - - 98469A4A47839936D70B425F0C967216
-
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool.Vista and Windows7 run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
**************************************************
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
Here are the Rooter results ;
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 15.0 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:219 Go - Free:95 Go )
D:\ [Fixed-NTFS] .. ( Total:12 Go - Free:2 Go )
E:\ [CD_Rom]
.
Scan : 21:58.41
Path : C:\Users\MP\Downloads\Rooter.exe
User : MP ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (312)
Locked avgrsa.exe (400)
Locked avgcsrva.exe (476)
Locked csrss.exe (664)
Locked wininit.exe (728)
Locked csrss.exe (744)
Locked services.exe (780)
Locked lsass.exe (804)
Locked lsm.exe (812)
Locked svchost.exe (912)
Locked svchost.exe (1004)
Locked svchost.exe (416)
Locked svchost.exe (680)
Locked svchost.exe (860)
Locked stacsv64.exe (688)
Locked winlogon.exe (1152)
Locked svchost.exe (1376)
Locked hpservice.exe (1444)
Locked svchost.exe (1500)
Locked wlanext.exe (1588)
Locked conhost.exe (1604)
Locked spoolsv.exe (1700)
Locked svchost.exe (1732)
Locked SASCore64.exe (1860)
Locked AESTSr64.exe (1880)
Locked agr64svc.exe (1904)
Locked AppleMobileDeviceService.exe (1932)
Locked avgwdsvc.exe (1968)
Locked mDNSResponder.exe (2008)
Locked svchost.exe (1068)
Locked HPDrvMntSvc.exe (1292)
Locked LSSrvc.exe (1492)
Locked lxcecoms.exe (1784)
Locked RoxWatch9.exe (2052)
Locked svchost.exe (2184)
Locked WLIDSVC.EXE (2272)
Locked IAANTmon.exe (2324)
Locked WLIDSVCM.EXE (2352)
Locked avgidsagent.exe (2400)
Locked avgnsa.exe (2616)
Locked avgemca.exe (2628)
Locked RoxMediaDB9.exe (2032)
Locked svchost.exe (3152)
______ ?????????? (3676)
______ ?????????? (3728)
______ ?????????? (3756)
______ ?????????? (3960)
______ ?????????? (3968)
______ C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (3980)
______ ?????????? (3348)
______ C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (3332)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1112)
Locked hpqWmiEx.exe (1252)
Locked WmiPrvSE.exe (848)
Locked SynTPHelper.exe (1240)
Locked SearchIndexer.exe (896)
______ C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (3644)
______ ?????????? (2076)
______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4196)
______ ?????????? (4352)
______ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (4420)
______ c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (4432)
______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4504)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (4556)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (4576)
Locked HPHC_Service.exe (4992)
Locked wmpnetwk.exe (5100)
Locked svchost.exe (4412)
______ C:\Program Files (x86)\ClubWPT\ClubWPT.exe (7096)
Locked audiodg.exe (6340)
Locked SearchProtocolHost.exe (8232)
Locked SearchFilterHost.exe (1656)
______ C:\Users\MP\Downloads\Rooter.exe (5408)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:208666624)
\Device\Harddisk0\Partition2 (Start_Offset:209715200 | Length:236188598272)
\Device\Harddisk0\Partition3 (Start_Offset:236398313472 | Length:13659799552)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145774003-3066190270-2427905049-1001Core.job
C:\Windows\Tasks\HPCeeScheduleForMP.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:58.49
.
C:\Rooter$\Rooter_1.txt - (31/08/2012 | 21:58.50)
Here are the ASW results ;
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-31 22:00:56
-----------------------------
22:00:56.732 OS Version: Windows x64 6.1.7601 Service Pack 1
22:00:56.732 Number of processors: 2 586 0x170A
22:00:56.732 ComputerName: MP-PC UserName: MP
22:00:57.892 Initialize success
22:01:18.294 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:01:18.294 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
22:01:18.314 Disk 0 MBR read successfully
22:01:18.314 Disk 0 MBR scan
22:01:18.324 Disk 0 unknown MBR code
22:01:18.324 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:01:18.344 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225247 MB offset 409600
22:01:18.374 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13027 MB offset 461715456
22:01:18.394 Disk 0 scanning C:\Windows\system32\drivers
22:01:29.625 Service scanning
22:02:13.090 Modules scanning
22:02:13.090 Disk 0 trace - called modules:
22:02:13.140 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
22:02:13.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
22:02:13.140 3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
22:02:13.140 5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
22:02:13.150 Scan finished successfully
22:02:48.493 Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
22:02:48.493 The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"
Thanks much,
MP.
-
We need to fix the Master Boot Record (http://en.wikipedia.org/wiki/Master_boot_record) using aswMBR now.
- Double click aswMBR.exe to run it like before
- Once the scan finishes click FixMBR to remove the infection as illustrated below
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_FixMBR.jpg)
- Once the scan finishes click Save log to save the log to your Desktop
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
- Copy and paste the contents of aswMBR.txt back here for review
.
******************************************************
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
-
Here are the ASW results ;
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-31 22:00:56
-----------------------------
22:00:56.732 OS Version: Windows x64 6.1.7601 Service Pack 1
22:00:56.732 Number of processors: 2 586 0x170A
22:00:56.732 ComputerName: MP-PC UserName: MP
22:00:57.892 Initialize success
22:01:18.294 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:01:18.294 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
22:01:18.314 Disk 0 MBR read successfully
22:01:18.314 Disk 0 MBR scan
22:01:18.324 Disk 0 unknown MBR code
22:01:18.324 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:01:18.344 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225247 MB offset 409600
22:01:18.374 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13027 MB offset 461715456
22:01:18.394 Disk 0 scanning C:\Windows\system32\drivers
22:01:29.625 Service scanning
22:02:13.090 Modules scanning
22:02:13.090 Disk 0 trace - called modules:
22:02:13.140 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
22:02:13.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
22:02:13.140 3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
22:02:13.140 5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
22:02:13.150 Scan finished successfully
22:02:48.493 Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
22:02:48.493 The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-01 18:57:09
-----------------------------
18:57:09.866 OS Version: Windows x64 6.1.7601 Service Pack 1
18:57:09.866 Number of processors: 2 586 0x170A
18:57:09.866 ComputerName: MP-PC UserName: MP
18:57:10.966 Initialize success
18:57:22.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:57:22.089 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
18:57:22.129 Disk 0 MBR read successfully
18:57:22.129 Disk 0 MBR scan
18:57:22.129 Disk 0 unknown MBR code
18:57:22.139 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:57:22.159 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225247 MB offset 409600
18:57:22.179 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13027 MB offset 461715456
18:57:22.219 Disk 0 scanning C:\Windows\system32\drivers
18:57:33.101 Service scanning
18:58:16.317 Modules scanning
18:58:16.317 Disk 0 trace - called modules:
18:58:16.357 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
18:58:16.357 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
18:58:16.367 3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
18:58:16.367 5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
18:58:16.377 Scan finished successfully
18:59:49.537 Verifying
18:59:59.568 Disk 0 Windows 601 MBR fixed successfully
19:01:16.596 Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
19:01:16.606 The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"
Here is the RougeKiller results ;
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MP [Admin rights]
Mode : Scan -- Date : 09/01/2012 19:06:20
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] fa0b85d6a7e389dbc05f3491884be698
[BSP] aa740c297d1409422a4ba86725722b84 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 225247 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461715456 | Size: 13027 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Thanks,
MP.
-
We need to fix the Master Boot Record (http://en.wikipedia.org/wiki/Master_boot_record) using aswMBR now.
- Double click aswMBR.exe to run it like before
- Once the scan finishes click FixMBR to remove the infection as illustrated below
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_FixMBR.jpg)
- Once the scan finishes click Save log to save the log to your Desktop
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
- Copy and paste the contents of aswMBR.txt back here for review
.
-
Same results as last time ?
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-31 22:00:56
-----------------------------
22:00:56.732 OS Version: Windows x64 6.1.7601 Service Pack 1
22:00:56.732 Number of processors: 2 586 0x170A
22:00:56.732 ComputerName: MP-PC UserName: MP
22:00:57.892 Initialize success
22:01:18.294 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:01:18.294 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
22:01:18.314 Disk 0 MBR read successfully
22:01:18.314 Disk 0 MBR scan
22:01:18.324 Disk 0 unknown MBR code
22:01:18.324 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:01:18.344 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225247 MB offset 409600
22:01:18.374 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13027 MB offset 461715456
22:01:18.394 Disk 0 scanning C:\Windows\system32\drivers
22:01:29.625 Service scanning
22:02:13.090 Modules scanning
22:02:13.090 Disk 0 trace - called modules:
22:02:13.140 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
22:02:13.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
22:02:13.140 3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
22:02:13.140 5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
22:02:13.150 Scan finished successfully
22:02:48.493 Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
22:02:48.493 The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-01 18:57:09
-----------------------------
18:57:09.866 OS Version: Windows x64 6.1.7601 Service Pack 1
18:57:09.866 Number of processors: 2 586 0x170A
18:57:09.866 ComputerName: MP-PC UserName: MP
18:57:10.966 Initialize success
18:57:22.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:57:22.089 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
18:57:22.129 Disk 0 MBR read successfully
18:57:22.129 Disk 0 MBR scan
18:57:22.129 Disk 0 unknown MBR code
18:57:22.139 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:57:22.159 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225247 MB offset 409600
18:57:22.179 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13027 MB offset 461715456
18:57:22.219 Disk 0 scanning C:\Windows\system32\drivers
18:57:33.101 Service scanning
18:58:16.317 Modules scanning
18:58:16.317 Disk 0 trace - called modules:
18:58:16.357 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
18:58:16.357 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
18:58:16.367 3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
18:58:16.367 5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
18:58:16.377 Scan finished successfully
18:59:49.537 Verifying
18:59:59.568 Disk 0 Windows 601 MBR fixed successfully
19:01:16.596 Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
19:01:16.606 The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-01 20:23:50
-----------------------------
20:23:50.166 OS Version: Windows x64 6.1.7601 Service Pack 1
20:23:50.166 Number of processors: 2 586 0x170A
20:23:50.166 ComputerName: MP-PC UserName: MP
20:23:51.237 Initialize success
20:23:56.475 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:23:56.485 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
20:23:56.525 Disk 0 MBR read successfully
20:23:56.525 Disk 0 MBR scan
20:23:56.525 Disk 0 Windows 7 default MBR code
20:23:56.535 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:23:56.545 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225247 MB offset 409600
20:23:56.575 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13027 MB offset 461715456
20:23:56.605 Disk 0 scanning C:\Windows\system32\drivers
20:24:07.867 Service scanning
20:24:52.173 Modules scanning
20:24:52.173 Disk 0 trace - called modules:
20:24:52.193 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
20:24:52.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007640790]
20:24:52.203 3 CLASSPNP.SYS[fffff880011ad43f] -> nt!IofCallDriver -> [0xfffffa80088848d0]
20:24:52.203 5 hpdskflt.sys[fffff880025c72bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b5f050]
20:24:52.213 Scan finished successfully
20:25:16.659 Verifying
20:25:26.700 Disk 0 Windows 601 MBR fixed successfully
20:26:02.930 Verifying
20:26:12.961 Disk 0 Windows 601 MBR fixed successfully
20:26:22.572 Disk 0 MBR has been saved successfully to "C:\Users\MP\Documents\MBR.dat"
20:26:22.572 The log file has been saved successfully to "C:\Users\MP\Documents\aswMBR.txt"
Thanks,
MP.
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Here ya go ;
C:\Program Files (x86)\intellidownload\torrent.exe Win32/BundleInstaller application
C:\Users\MP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6OXZ3DG\giftrewardonline_com[1].htm HTML/ScrInject.B.Gen virus
C:\Users\MP\Downloads\installer_diskeeper_lite.exe Win32/Toggle application
-
Please run ESET again because the infections were not cleaned. Also, please tell me how your computer is running now.
-
Mission control we had a problem...
I ran it again as instructed and the first time when it was finished and I hit FIX it took to me a screen trying to sell me the software. When I hit the 30 day free trial it didn't seem to do anything. I started it again and it finished telling me there were no problems found and again taking me to a screen trying to sell me the software ? I do not see a report.
My computer runs just great to be honest it's just the last several times I've run Malwarebytes it shows an infection. Before it does affect my compuetr I would like to get rid of it.
You've been a big help Thanks again,
MP.
-
I ran it again as instructed and the first time when it was finished and I hit FIX it took to me a screen trying to sell me the software.
I just ran ESET again on my computer and I don't see any Fix button or free trial. You should not be seeing anything like that. Please try running it again. Also, please post another MBAM log.
Edit. I just finished the ESET scan and I received the same sales pitch so something has changed at ESET.
-
Dave ,
I "Must have" run asw ? I'm a dolt.
"BUT" The good news is I ran MBAM and the original Trogan is no longer showing up. I can assume I now have a clean bill of health .
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.04.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MP :: MP-PC [administrator]
9/4/2012 1:02:03 PM
mbam-log-2012-09-04 (13-02-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206759
Time elapsed: 1 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Again thanks much for the help and patience,
MP.
-
Let's give it a few days to see how it works then come back and we'll do some cleanup.
-
Very cool !!!!
And I always "thought" I was clean as a whistle. lol
Gonna learn something new.
Again can't thank you enough,
MP.
-
Dave ,
I just ran Superantispyware, malwarebytes and avg and everything is clean, no more Trojan.
Any other tweaking or clean up you can suggest would be a big help.
Thanks much,
MP.
-
Just a cleanup and we should be done.
Download this program and run it Uninstall ComboFix (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE) .It will remove ComboFix for you.
***************************************************
Download OTC by OldTimer (http://oldtimer.geekstogo.com/OTC.exe) and save it to your desktop.
1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.
****************************************************
To set a new Restore Point.
Click Start button , click Control Panel, click System and Maintenance, and then clicking System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button , click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
***********************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*****************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Will do all suggested just to let you know I use Firefox and not Explorer. No difference in what to run ?
-
Will do all suggested just to let you know I use Firefox and not Explorer. No difference in what to run ?
Some say FireFox is a more secure browser but it really doesn't make any difference.
-
Dave ,
Completed all suggestions , I opted out of spyblaster because it wanted me to either sign up for something or pay 14.95 and a funny thing with secunia (sp?) I ran it and updated what needed to be updated. Then, not sure why, I reran it again i guess to make sure the updates took and it listed the same software ? I went to the java site and it told me I had the latest version it also lists flashplayer twice. Otherwise everything else was completed.
Thanks much,
MP.
-
Then, not sure why, I reran it again i guess to make sure the updates took and it listed the same software ?
Sometimes if there are remnants of a previous program such as a previous version of Java not removed it will trigger a warning.
Thanks much,
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
-
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner)by Xplode onto your Desktop.
- Double click on AdwCleaner.exe to run the tool.
- Click on Search.
- A logfile will automatically open after the scan has finished.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
-
Here ya go.
# AdwCleaner v2.001 - Logfile created 09/13/2012 at 21:23:19
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MP - MP-PC
# Boot Mode : Normal
# Running from : C:\Users\MP\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
Found : Browser Manager
***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\Program Files (x86)\Zynga
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\Users\MP\AppData\Local\Conduit
Folder Found : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Folder Found : C:\Users\MP\AppData\LocalLow\Conduit
Folder Found : C:\Users\MP\AppData\LocalLow\PriceGong
Folder Found : C:\Users\MP\AppData\LocalLow\Zynga
Folder Found : C:\Users\MP\AppData\Roaming\Babylon
Folder Found : C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
***** [Registry] *****
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22630~1.40\{16cdf~1\browse~1.dll
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2856425
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-3145774003-3066190270-2427905049-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [6096 octets] - [13/09/2012 21:23:19]
########## EOF - C:\AdwCleaner[R1].txt - [6156 octets] ##########
-
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
-
# AdwCleaner v2.001 - Logfile created 09/13/2012 at 22:11:56
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MP - MP-PC
# Boot Mode : Normal
# Running from : C:\Users\MP\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
Stopped & Deleted : Browser Manager
***** [Files / Folders] *****
-
Re-run MBAM:
Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply..
***********************************************
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- Lst Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
[/b]
Click Go and copy/paste the log (Result.txt) into your next post.
Please tell me if you're still having problems.
-
Dave,
Here are the two logs. That's just it I'm not having any problems EXCEPT that *censored* pop up when I either open facebook or my yahoo. If it didn't become
annoying I would have never even looked it up to find out it's a threat. Very strange noting has picked it up.
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.14.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MP :: MP-PC [administrator]
9/14/2012 6:59:23 PM
mbam-log-2012-09-14 (18-59-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208342
Time elapsed: 3 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
MiniToolBox by Farbar Version: 23-07-2012
Ran by MP (administrator) on 14-09-2012 at 19:05:54
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : MP-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0C-60-76-7F-C2-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 0C-60-76-7F-C2-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::182a:5f32:32fb:a1bd%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 12, 2012 11:34:40 AM
Lease Expires . . . . . . . . . . : Saturday, September 15, 2012 1:44:02 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 319578230
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-25-58-03-00-26-9E-41-3A-86
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c23:2323:3f57:fefb(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c23:2323:3f57:fefb%23(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1
Name: google.com
Addresses: 2607:f8b0:4006:800::1001
74.125.226.201
74.125.226.192
74.125.226.206
74.125.226.197
74.125.226.194
74.125.226.198
74.125.226.196
74.125.226.200
74.125.226.199
74.125.226.195
74.125.226.193
Pinging google.com [74.125.226.199] with 32 bytes of data:
Reply from 74.125.226.199: bytes=32 time=9ms TTL=252
Reply from 74.125.226.199: bytes=32 time=12ms TTL=251
Ping statistics for 74.125.226.199:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 12ms, Average = 10ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1
Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24
Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=764ms TTL=249
Reply from 72.30.38.140: bytes=32 time=796ms TTL=249
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 764ms, Maximum = 796ms, Average = 780ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...0c 60 76 7f c2 5d ......Microsoft Virtual WiFi Miniport Adapter
12...0c 60 76 7f c2 5d ......Broadcom 802.11b/g WLAN
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
23 58 ::/0 On-link
1 306 ::1/128 On-link
23 58 2001::/32 On-link
23 306 2001:0:9d38:953c:3c23:2323:3f57:fefb/128
On-link
12 281 fe80::/64 On-link
23 306 fe80::/64 On-link
12 281 fe80::182a:5f32:32fb:a1bd/128
On-link
23 306 fe80::3c23:2323:3f57:fefb/128
On-link
1 306 ff00::/8 On-link
23 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (09/12/2012 00:33:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Error: (09/12/2012 00:32:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/12/2012 00:32:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBE R_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (09/11/2012 00:33:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/11/2012 00:32:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Error: (09/11/2012 00:31:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/11/2012 00:31:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBE R_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (09/10/2012 10:33:27 AM) (Source: MsiInstaller) (User: MP-PC)MP-PC
Description: Product: QuickTime -- You do not have sufficient privileges to complete this installation for all users of the machine. Log on as an administrator and then retry this installation.
Error: (09/10/2012 10:25:16 AM) (Source: MsiInstaller) (User: MP-PC)MP-PC
Description: Product: QuickTime -- You do not have sufficient privileges to complete this installation for all users of the machine. Log on as an administrator and then retry this installation.
Error: (09/10/2012 10:24:55 AM) (Source: MsiInstaller) (User: MP-PC)MP-PC
Description: Product: QuickTime -- You do not have sufficient privileges to complete this installation for all users of the machine. Log on as an administrator and then retry this installation.
System errors:
=============
Error: (09/12/2012 11:33:58 AM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Error: (09/12/2012 03:18:18 AM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Error: (09/11/2012 04:46:05 PM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Error: (09/11/2012 04:46:33 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:44:36 PM on ?9/?11/?2012 was unexpected.
Error: (09/11/2012 09:51:17 AM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Error: (09/10/2012 00:18:42 PM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Error: (09/10/2012 11:43:01 AM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Error: (09/10/2012 11:39:31 AM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Error: (09/10/2012 10:49:11 AM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Error: (09/10/2012 10:37:57 AM) (Source: Application Popup) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.
Microsoft Office Sessions:
=========================
========================= Memory info: ===================================
Percentage of memory in use: 39%
Total physical RAM: 8095.19 MB
Available physical RAM: 4933.71 MB
Total Pagefile: 16188.57 MB
Available Pagefile: 13082.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.73 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:219.97 GB) (Free:93.3 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.12 GB) NTFS
3 Drive e: (Sep 09 2012) (CDROM) (Total:0.69 GB) (Free:0.44 GB) UDF
========================= Users: ========================================
User accounts for \\MP-PC
Administrator Guest MP
**** End of log ****
-
Could you please run AdwCleaner again and post the log.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
-
# AdwCleaner v2.001 - Logfile created 09/16/2012 at 10:53:34
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MP - MP-PC
# Boot Mode : Normal
# Running from : C:\Users\MP\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2856425
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-3145774003-3066190270-2427905049-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [11075 octets] - [13/09/2012 21:23:19]
AdwCleaner[S1].txt - [1753 octets] - [13/09/2012 22:11:56]
AdwCleaner[R2].txt - [4788 octets] - [16/09/2012 10:53:34]
########## EOF - C:\AdwCleaner[R2].txt - [4848 octets] ##########
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/16/2012 at 11:56 AM
Application Version : 5.0.1146
Core Rules Database Version : 9236
Trace Rules Database Version: 7048
Scan type : Complete Scan
Total Scan Time : 00:59:10
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 552
Memory threats detected : 0
Registry items scanned : 68872
Registry threats detected : 0
File items scanned : 66199
File threats detected : 251
Adware.Tracking Cookie
C:\Users\MP\AppData\Roaming\Microsoft\Windows\Cookies\5XVA46NT.txt [ /avgtechnologies.112.2o7.net ]
C:\USERS\MP\Cookies\5XVA46NT.txt [ Cookie:[email protected]/ ]
adserv6.com [ C:\USERS\MP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQABSGMC ]
art.aim4media.com [ C:\USERS\MP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQABSGMC ]
track.in.omgpm.com [ C:\USERS\MP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQABSGMC ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.AUDXCH ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@247REALMEDIA[2].TXT [ /247REALMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /A1.INTERCLICK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /A1.INTERCLICK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /A1.INTERCLICK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][4].TXT [ /A1.INTERCLICK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AD.EPOCHTIMES ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AD.YIELDMANAGER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /AD.YIELDMANAGER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /AD.YIELDMANAGER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][4].TXT [ /AD.YIELDMANAGER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][5].TXT [ /AD.YIELDMANAGER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADBRITE[2].TXT [ /ADBRITE ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADBRITE[3].TXT [ /ADBRITE ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADBRITE[4].TXT [ /ADBRITE ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADCENTRICONLINE[1].TXT [ /ADCENTRICONLINE ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADECN[2].TXT [ /ADECN ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADFARM1.ADITION ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADINTERAX[1].TXT [ /ADINTERAX ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.POINTROLL ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.AS4X.TMCS.TICKETMASTER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.AS4X.TMCS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.NBA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.PGATOUR ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADTECH[1].TXT [ /ADTECH ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADVERTISING[1].TXT [ /ADVERTISING ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADVERTISING[3].TXT [ /ADVERTISING ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ADXPOSE[1].TXT [ /ADXPOSE ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@AMEX-INSIGHTS[1].TXT [ /AMEX-INSIGHTS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@APMEBF[2].TXT [ /APMEBF ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@APMEBF[3].TXT [ /APMEBF ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /AT.ATWOLA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@AZJMP[2].TXT [ /AZJMP ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /BEACON.DMSINSIGHTS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /BS.SERVING-SYS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@BURSTNET[2].TXT [ /BURSTNET ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@CASALEMEDIA[2].TXT [ /CASALEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@CASALEMEDIA[3].TXT [ /CASALEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /CB.ADBUREAU ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@CHITIKA[1].TXT [ /CHITIKA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /CITI.BRIDGETRACK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][3].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@DISCOUNTACPARTS[1].TXT [ /DISCOUNTACPARTS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EHG-BORGATA.HITBOX ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ECREATIVEWORKS.122.2O7 ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /EDGE.RU4 ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EHG-JAYGROUP.HITBOX ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EHG-ZOOMERANG.HITBOX ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /EVENT.TRVLCLICK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INSIGHTEXPRESSAI[1].TXT [ /INSIGHTEXPRESSAI ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INTERCLICK[1].TXT [ /INTERCLICK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INTERCLICK[4].TXT [ /INTERCLICK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /INTHESWIM.122.2O7 ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[3].TXT [ /INVITEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[4].TXT [ /INVITEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[6].TXT [ /INVITEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@INVITEMEDIA[7].TXT [ /INVITEMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LFSTMEDIA[2].TXT [ /LFSTMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LEGOLAS-MEDIA[1].TXT [ /LEGOLAS-MEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LFSTMEDIA[3].TXT [ /LFSTMEDIA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LIVEPERSON[3].TXT [ /LIVEPERSON ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@LIVEPERSON[7].TXT [ /LIVEPERSON ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@MEDIABRANDSWW[1].TXT [ /MEDIABRANDSWW ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /MOVIETICKETSCOM.122.2O7 ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@NEXTAG[1].TXT [ /NEXTAG ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@PEOPLEFINDERS[1].TXT [ /PEOPLEFINDERS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@QUESTIONMARKET[1].TXT [ /QUESTIONMARKET ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@QUESTIONMARKET[3].TXT [ /QUESTIONMARKET ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@REVSCI[2].TXT [ /REVSCI ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@REVSCI[1].TXT [ /REVSCI ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@REVSCI[3].TXT [ /REVSCI ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@REVSCI[4].TXT [ /REVSCI ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /RICHMEDIA.YAHOO ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ROTATOR.ADJUGGLER ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@SERVING-SYS[2].TXT [ /SERVING-SYS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /SOVEREIGNBANK.122.2O7 ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /STATS.PAYPAL ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /STATSE.WEBTRENDSLIVE ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@TACODA[1].TXT [ /TACODA ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@TRAFFICMP[3].TXT [ /TRAFFICMP ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /URLLEADBACK--ADVERTISING--COM.RTRK ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /VIDEOEGG.ADBUREAU ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WALMART.112.2O7 ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW.BURSTNET ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.QSSTATS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /WWW2.ADDFREESTATS ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ZEDO[1].TXT [ /ZEDO ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ZEDO[2].TXT [ /ZEDO ]
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MP@ZEDO[4].TXT [ /ZEDO ]
.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ad.mlnadvertising.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.aim4media.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.clickbooth.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
rotator.adjuggler.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adjuggler.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
adserver.zenoviaexchange.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tacoda.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
matcher.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.t.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
www.werevenueu.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
tracking999.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
www.werevenueu.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.televisionfanatic.dl.mywebsearch.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.mywebsearch.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.micklemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
sales.liveperson.net [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
mediaservices-d.openxenterprise.com [ C:\USERS\MP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EHYR3DL.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-FraudScan[Prod]
ZIP ARCHIVE( C:\USERS\MP\DOWNLOADS\USPS REPORT(1).ZIP )/USPS REPORT.EXE
C:\USERS\MP\DOWNLOADS\USPS REPORT(1).ZIP
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\USPS REPORT(1).LNK
ZIP ARCHIVE( C:\USERS\MP\DOWNLOADS\USPS REPORT.ZIP )/USPS REPORT.EXE
C:\USERS\MP\DOWNLOADS\USPS REPORT.ZIP
C:\USERS\MP\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\USPS REPORT.LNK
Heur.Agent/Gen-WhiteBox
C:\USERS\MP\DOWNLOADS\INSTALL_FLASHPLAYER.EXE
C:\PROGRAM FILES (X86)\INTELLIDOWNLOAD\TORRENTSEARCH.EXE
-
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
-
Dave ,
The only txt file was the one from this morning ?
# AdwCleaner v2.001 - Logfile created 09/16/2012 at 10:53:34
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MP - MP-PC
# Boot Mode : Normal
# Running from : C:\Users\MP\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2856425
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-3145774003-3066190270-2427905049-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [11075 octets] - [13/09/2012 21:23:19]
AdwCleaner[S1].txt - [1753 octets] - [13/09/2012 22:11:56]
AdwCleaner[R2].txt - [4788 octets] - [16/09/2012 10:53:34]
########## EOF - C:\AdwCleaner[R2].txt - [4848 octets] ##########
-
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
-
# AdwCleaner v2.001 - Logfile created 09/16/2012 at 18:26:16
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MP - MP-PC
# Boot Mode : Normal
# Running from : C:\Users\MP\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\7ehyr3dl.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R2].txt - [4909 octets] - [16/09/2012 10:53:34]
AdwCleaner[S2].txt - [894 octets] - [16/09/2012 18:26:16]
########## EOF - C:\AdwCleaner[S2].txt - [953 octets] ##########
-
Ok. We should be done here unless you are still having problems.
-
Dave ,
Thats the odd thing... except for the pop up when I wen to log in to fb or yahoo I never " thank God" had a problem.
Again..... TYVVM,
mp.
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.