
Inactive Need Help With Search Engine Redirect Problem

Discussion in 'Malware and Virus Removal Archive' started by trosel238, 2010/01/10.

  1. 2010/01/10
    trosel238

    trosel238 Inactive Thread Starter

    Joined:
    2010/01/10
    Messages:
    8
    Likes Received:
    0

    A few days ago my computer was infected with some sort of trojan or virus
    that is causing all of my search engine links to redirect to various web sites.
    It does not matter if the search engine is Google, Yahoo, or Bing. Clicking on
    the links at these search engine web sites will redirect you to another site.
    I have removed a couple of trojans with Avira, which is currently running on
    my computer. I have also downloaded Spybot and the Malwarebytes anti-malware
    program. I have run both, and both have discovered and removed trojans or other
    problems, but after running both programs, even in safe mode, my
    computer is still redirecting when I click on the search engine links. Please
    help! Thanks! Listed below are the log files requested.

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Todd at 14:58:44.43 on Sun 01/10/2010
    Internet Explorer: 8.0.6001.18865
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.910 [GMT -6:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Todd\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://securera.edwardjones.com/vdesk/terminal/f5opswati.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
    DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\todd\appdata\local\temp\f5tmp\f5tunsrv.cab
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\todd\appdata\local\temp\f5tmp\InstallerControl.cab
    DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://securera.edwardjones.com/vdesk/terminal/f5InspectionHost.cab
    DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} - hxxps://securera.edwardjones.com/policy/download_binary.php/win32/f5syschk.cab
    DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - c:\users\todd\appdata\local\temp\f5tmp\vdeskctrl.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\todd\appdata\local\temp\f5tmp\urxshost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\todd\appdata\local\temp\f5tmp\urxhost.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - c:\users\todd\appdata\local\temp\f5tmp\f5syschk.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-25 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-25 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-25 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-25 56816]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-5 1153368]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-13 133104]
    S2 hkmsvcBrowser;Health Key and Certificate Management hkmsvcBrowser;c:\windows\system32\8point1z.exe srv --> c:\windows\system32\8point1z.exe srv [?]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-2-28 21504]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-22 30192]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

    =============== Created Last 30 ================

    2010-01-10 15:38:53 0 d-----w- c:\program files\iPod
    2010-01-10 15:38:41 0 d-----w- c:\program files\iTunes
    2010-01-06 04:34:24 0 d-----w- c:\windows\pss
    2010-01-06 03:47:02 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-01-06 03:47:02 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-03 18:41:28 0 d-----w- c:\program files\Trend Micro
    2009-12-23 03:43:08 0 d-----w- c:\users\todd\appdata\roaming\Malwarebytes
    2009-12-23 03:43:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-23 03:43:01 0 d-----w- c:\programdata\Malwarebytes
    2009-12-23 03:43:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-23 03:43:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-20 01:37:20 0 d-----w- c:\programdata\Office Genuine Advantage
    2009-12-18 07:27:57 380 --s-a-w- c:\windows\system32\203769681.dat
    2009-12-18 07:02:09 0 d-----w- c:\program files\common files\PX Storage Engine
    2009-12-18 07:01:39 0 d-----w- c:\program files\common files\DivX Shared
    2009-12-18 07:01:38 0 d-----w- c:\program files\DivX
    2009-12-18 07:00:09 0 d-----w- c:\program files\Need4 Software Launcher
    2009-12-18 07:00:02 0 d-----w- c:\program files\Need4 Video Converter 6
    2009-12-18 06:22:09 0 d-----w- c:\program files\AC3Filter

    ==================== Find3M ====================

    2009-12-08 21:18:21 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-08 02:53:19 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-12-08 02:53:19 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-08 02:53:18 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-12-08 02:53:18 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-12-08 02:53:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-12-08 02:53:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 07:36:44 265797 ----a-w- c:\windows\system32\pdvcodec.dll
    2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-03-20 00:57:58 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 15:01:24.19 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/22/2009 5:50:38 PM
    System Uptime: 1/10/2010 1:34:51 PM (2 hours ago)

    Motherboard: Gateway | |
    Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | uFCPGA2 | 1600/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 59.58 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.468 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Plus B209a-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Plus B209a-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    AAC Decoder
    AC3Filter (remove only)
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    B209a-m
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    Bonjour
    Browser Address Error Redirector
    BufferChm
    Civil War Generals II Demo
    Coupon Printer for Windows
    Destinations
    DeviceDiscovery
    Diner Dash
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    FATE
    Gateway Game Console
    Gateway Recovery Center Installer
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    H.264 Decoder
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
    HP Print Projects 1.0
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iPhone Configuration Utility
    iTunes
    Java(TM) SE Runtime Environment 6
    Linkit_eBay
    Lords of Magic Demo
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Money 2006
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2007 with GPS Locator
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MKV Splitter
    MobileMe Control Panel
    Motorola SM56 Data Fax Modem
    Move Media Player
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need4 Software Launcher 6.2
    Need4 Video Converter 6
    Network
    OGA Notifier 2.0.0048.0
    OPSWAT AntiVirus and Firewall Integration Libraries
    Oregon Trail II
    Penguins!
    Polar Bowler
    Polar Golfer
    Power2Go 5.0
    PS_AIO_06_B209a-m_SW_Min
    QuickTime
    R.E. Lee Civil War General
    REALTEK RTL8187 Wireless LAN Driver
    Safari
    Scan
    SCRABBLE
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Shop for HP Supplies
    Sierra Utilities
    SigmaTel Audio
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Synaptics Pointing Device Driver
    TaxCut Premium + Efile 2008
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    Tradewinds
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Yahoo! Toolbar

    ==== End Of File ===========================
     
  2. 2010/01/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What browser is getting redirected?

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     

  4. 2010/01/10
    trosel238

    This is affecting all of my browsers. Internet Explorer is the one that I use, but I have tried the Apple Safari browser and it does the same thing.
    I am downloading ComboFix and will follow your instructions.
     
  5. 2010/01/11
    broni

    Ok...
     
  6. 2010/01/11
    trosel238

    Here is my ComboFix log and below it is my HijackThis log. Hope this helps!
    Thanks!


    ComboFix 10-01-04.01 - Todd 01/11/2010 17:31:41.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.985 [GMT -6:00]
    Running from: c:\users\Todd\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-3631820747-2060408759-1285293944-500
    C:\Microsoft
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\system32\203769681.dat
    D:\Autorun.inf

    Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
    .

    2010-01-10 15:38 . 2010-01-10 15:38 -------- d-----w- c:\program files\iPod
    2010-01-10 15:38 . 2010-01-10 15:39 -------- d-----w- c:\program files\iTunes
    2010-01-10 15:35 . 2010-01-10 15:35 -------- d-----w- c:\program files\QuickTime
    2010-01-06 03:47 . 2010-01-06 04:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-01-06 03:47 . 2010-01-06 03:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-03 18:41 . 2010-01-03 18:41 -------- d-----w- c:\program files\Trend Micro
    2009-12-23 03:43 . 2009-12-23 03:43 -------- d-----w- c:\users\Todd\AppData\Roaming\Malwarebytes
    2009-12-23 03:43 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-23 03:43 . 2009-12-23 03:43 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-23 03:43 . 2010-01-10 02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-23 03:43 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-20 01:37 . 2009-12-20 01:37 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-12-19 22:57 . 2009-12-19 22:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-12-18 17:29 . 2009-12-18 17:29 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-18 07:27 . 2009-12-18 07:27 -------- d-----w- c:\windows\Sun
    2009-12-18 07:04 . 2009-12-18 07:10 -------- d-----w- c:\users\Todd\AppData\Roaming\DivX
    2009-12-18 07:02 . 2009-12-18 07:02 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-12-18 07:01 . 2009-12-18 07:01 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-12-18 07:01 . 2009-12-18 07:02 -------- d-----w- c:\program files\DivX
    2009-12-18 07:00 . 2009-12-18 07:00 -------- d-----w- c:\program files\Need4 Software Launcher
    2009-12-18 07:00 . 2009-12-18 07:00 -------- d-----w- c:\program files\Need4 Video Converter 6
    2009-12-18 06:22 . 2009-12-18 06:22 -------- d-----w- c:\program files\AC3Filter
    2009-12-15 19:12 . 2009-12-15 19:24 -------- d-----w- c:\users\Todd\AppData\Local\Microsoft Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-10 15:38 . 2009-05-03 00:18 -------- d-----w- c:\program files\Common Files\Apple
    2010-01-10 15:10 . 2009-08-15 22:50 -------- d-----w- c:\program files\Safari
    2009-12-22 01:04 . 2009-02-23 00:13 -------- d-----w- c:\program files\Google
    2009-12-20 19:24 . 2009-02-23 00:09 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-20 01:37 . 2009-02-22 23:34 70880 ----a-w- c:\users\Todd\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-19 23:35 . 2009-02-23 00:11 -------- d-----w- c:\program files\Microsoft Works
    2009-12-18 18:52 . 2009-10-08 03:40 -------- d-----w- c:\programdata\NOS
    2009-12-18 07:13 . 2009-05-03 00:20 -------- d-----w- c:\users\Todd\AppData\Roaming\Apple Computer
    2009-12-09 00:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-12-08 21:18 . 2009-06-26 02:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-08 03:07 . 2009-02-22 23:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-08 03:07 . 2009-02-23 00:20 -------- d-----w- c:\programdata\Napster
    2009-12-08 02:53 . 2009-12-08 02:53 -------- d-----w- c:\program files\Windows Portable Devices
    2009-12-08 02:53 . 2009-12-08 02:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-12-08 02:53 . 2009-12-08 02:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-12-07 23:31 . 2009-09-20 02:18 -------- d-----w- c:\users\Todd\AppData\Roaming\HpUpdate
    2009-11-21 06:40 . 2009-12-08 23:59 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-08 23:59 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34 . 2009-12-08 23:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59 . 2009-12-08 23:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-09 12:31 . 2009-12-09 00:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30 . 2009-12-09 00:03 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 10:36 . 2009-12-09 00:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-11-09 07:36 . 2009-11-09 07:36 265797 ----a-w- c:\windows\system32\pdvcodec.dll
    2009-11-03 02:42 . 2009-10-03 02:57 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17 . 2009-12-08 02:48 2048 ----a-w- c:\windows\system32\tzres.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Google Update"="c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-07 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Users^Todd^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-12-08 02:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1236551489\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2006-12-12 02:03 106496 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2006-09-29 20:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2006-12-12 02:02 98304 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMPDPSRV]
    2002-07-11 14:31 45056 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2006-12-12 02:02 81920 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2007-01-17 06:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-11-17 05:58 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):71,6c,b1,2b,22,df,c9,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3631820747-2060408759-1285293944-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3631820747-2060408759-1285293944-500]
    "EnableNotificationsRef"=dword:00000002

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2009 8:15 PM 108289]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [1/5/2010 9:47 PM 1153368]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [6/27/2008 1:40 AM 335872]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2009 7:45 PM 133104]
    S2 hkmsvcBrowser;Health Key and Certificate Management hkmsvcBrowser;c:\windows\system32\8point1z.exe srv --> c:\windows\system32\8point1z.exe srv [?]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2/28/2009 10:42 PM 21504]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/22/2009 6:13 PM 30192]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 4:25 AM 2589184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-14 01:45]

    2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-14 01:45]

    2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631820747-2060408759-1285293944-1000Core.job
    - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-10 23:31]

    2010-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631820747-2060408759-1285293944-1000UA.job
    - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-10 23:31]

    2010-01-12 c:\windows\Tasks\User_Feed_Synchronization-{79794AE7-16A4-43D3-B906-19591BEC48A1}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-08 04:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://securera.edwardjones.com/vdesk/terminal/f5opswati.cab
    DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} - hxxps://securera.edwardjones.com/policy/download_binary.php/win32/f5syschk.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
    MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-11 18:02:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-12 00:02

    Pre-Run: 66,332,925,952 bytes free
    Post-Run: 66,200,072,192 bytes free

    - - End Of File - - 2D46AA3C25C96EE5566602A31ED3DC44



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:26:32 PM, on 1/11/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\Todd\AppData\Local\Temp\f5tmp\f5tunsrv.cab
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Todd\AppData\Local\Temp\f5tmp\InstallerControl.cab
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/terminal/f5InspectionHost.cab
    O16 - DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} (F5 Networks Registry Policy Agent) - https://securera.edwardjones.com/policy/download_binary.php/win32/f5syschk.cab
    O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - C:\Users\Todd\AppData\Local\Temp\f5tmp\vdeskctrl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\Todd\AppData\Local\Temp\f5tmp\urxshost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\Todd\AppData\Local\Temp\f5tmp\urxhost.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - C:\Users\Todd\AppData\Local\Temp\f5tmp\f5syschk.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Health Key and Certificate Management hkmsvcBrowser (hkmsvcBrowser) - Unknown owner - C:\Windows\system32\8point1z.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    --
    End of file - 9023 bytes
     
  7. 2010/01/11
    broni

    broni Moderator Malware Analyst

    How is redirection?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\8point1z.exe srv
    
    
    Folder::
    
    Driver::
    hkmsvcBrowser
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  8. 2010/01/11
    trosel238

    trosel238 Inactive Thread Starter

    The search engine links are working properly now. No redirecting!!!
    Here are the logs you requested.

    ComboFix 10-01-04.01 - Todd 01/11/2010 19:21:35.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1272 [GMT -6:00]
    Running from: c:\users\Todd\Desktop\ComboFix.exe
    Command switches used :: c:\users\Todd\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\8point1z.exe srv"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_hkmsvcBrowser


    ((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
    .

    2010-01-12 01:30 . 2010-01-12 01:30 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-01-12 01:30 . 2010-01-12 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-12 00:02 . 2010-01-12 01:33 -------- d-----w- c:\users\Todd\AppData\Local\temp
    2010-01-10 15:38 . 2010-01-10 15:38 -------- d-----w- c:\program files\iPod
    2010-01-10 15:38 . 2010-01-10 15:39 -------- d-----w- c:\program files\iTunes
    2010-01-10 15:35 . 2010-01-10 15:35 -------- d-----w- c:\program files\QuickTime
    2010-01-06 03:47 . 2010-01-06 04:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-01-06 03:47 . 2010-01-06 03:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-03 18:41 . 2010-01-03 18:41 -------- d-----w- c:\program files\Trend Micro
    2009-12-23 03:43 . 2009-12-23 03:43 -------- d-----w- c:\users\Todd\AppData\Roaming\Malwarebytes
    2009-12-23 03:43 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-23 03:43 . 2009-12-23 03:43 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-23 03:43 . 2010-01-10 02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-23 03:43 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-20 01:37 . 2009-12-20 01:37 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-12-19 22:57 . 2009-12-19 22:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-12-18 17:29 . 2009-12-18 17:29 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-18 07:27 . 2009-12-18 07:27 -------- d-----w- c:\windows\Sun
    2009-12-18 07:04 . 2009-12-18 07:10 -------- d-----w- c:\users\Todd\AppData\Roaming\DivX
    2009-12-18 07:02 . 2009-12-18 07:02 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-12-18 07:01 . 2009-12-18 07:01 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-12-18 07:01 . 2009-12-18 07:02 -------- d-----w- c:\program files\DivX
    2009-12-18 07:00 . 2009-12-18 07:00 -------- d-----w- c:\program files\Need4 Software Launcher
    2009-12-18 07:00 . 2009-12-18 07:00 -------- d-----w- c:\program files\Need4 Video Converter 6
    2009-12-18 06:22 . 2009-12-18 06:22 -------- d-----w- c:\program files\AC3Filter
    2009-12-15 19:12 . 2009-12-15 19:24 -------- d-----w- c:\users\Todd\AppData\Local\Microsoft Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-10 15:38 . 2009-05-03 00:18 -------- d-----w- c:\program files\Common Files\Apple
    2010-01-10 15:10 . 2009-08-15 22:50 -------- d-----w- c:\program files\Safari
    2009-12-22 01:04 . 2009-02-23 00:13 -------- d-----w- c:\program files\Google
    2009-12-20 19:24 . 2009-02-23 00:09 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-20 01:37 . 2009-02-22 23:34 70880 ----a-w- c:\users\Todd\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-19 23:35 . 2009-02-23 00:11 -------- d-----w- c:\program files\Microsoft Works
    2009-12-18 18:52 . 2009-10-08 03:40 -------- d-----w- c:\programdata\NOS
    2009-12-18 07:13 . 2009-05-03 00:20 -------- d-----w- c:\users\Todd\AppData\Roaming\Apple Computer
    2009-12-09 00:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-12-08 21:18 . 2009-06-26 02:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-08 03:07 . 2009-02-22 23:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-08 03:07 . 2009-02-23 00:20 -------- d-----w- c:\programdata\Napster
    2009-12-08 02:53 . 2009-12-08 02:53 -------- d-----w- c:\program files\Windows Portable Devices
    2009-12-08 02:53 . 2009-12-08 02:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-12-08 02:53 . 2009-12-08 02:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-12-07 23:31 . 2009-09-20 02:18 -------- d-----w- c:\users\Todd\AppData\Roaming\HpUpdate
    2009-11-21 06:40 . 2009-12-08 23:59 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-08 23:59 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34 . 2009-12-08 23:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59 . 2009-12-08 23:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-09 12:31 . 2009-12-09 00:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30 . 2009-12-09 00:03 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 10:36 . 2009-12-09 00:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-11-09 07:36 . 2009-11-09 07:36 265797 ----a-w- c:\windows\system32\pdvcodec.dll
    2009-11-03 02:42 . 2009-10-03 02:57 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17 . 2009-12-08 02:48 2048 ----a-w- c:\windows\system32\tzres.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-07 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Users^Todd^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-12-08 02:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1236551489\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2006-12-12 02:03 106496 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2006-09-29 20:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2006-12-12 02:02 98304 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMPDPSRV]
    2002-07-11 14:31 45056 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2006-12-12 02:02 81920 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2007-01-17 06:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-11-17 05:58 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):71,6c,b1,2b,22,df,c9,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3631820747-2060408759-1285293944-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3631820747-2060408759-1285293944-500]
    "EnableNotificationsRef"=dword:00000002

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/25/2009 8:15 PM 108289]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [1/5/2010 9:47 PM 1153368]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [6/27/2008 1:40 AM 335872]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2009 7:45 PM 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2/28/2009 10:42 PM 21504]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/22/2009 6:13 PM 30192]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 4:25 AM 2589184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-14 01:45]

    2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-14 01:45]

    2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631820747-2060408759-1285293944-1000Core.job
    - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-10 23:31]

    2010-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3631820747-2060408759-1285293944-1000UA.job
    - c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-10 23:31]

    2010-01-12 c:\windows\Tasks\User_Feed_Synchronization-{79794AE7-16A4-43D3-B906-19591BEC48A1}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-08 04:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://securera.edwardjones.com/vdesk/terminal/f5opswati.cab
    DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} - hxxps://securera.edwardjones.com/policy/download_binary.php/win32/f5syschk.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-11 19:32
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-11 19:44:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-12 01:44
    ComboFix2.txt 2010-01-12 00:02

    Pre-Run: 66,240,462,848 bytes free
    Post-Run: 66,112,516,096 bytes free

    - - End Of File - - 21167C4970BD80272C8621453A1DA25A


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:45:21 PM, on 1/11/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\msfeedssync.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\Todd\AppData\Local\Temp\f5tmp\f5tunsrv.cab
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Todd\AppData\Local\Temp\f5tmp\InstallerControl.cab
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/terminal/f5InspectionHost.cab
    O16 - DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} (F5 Networks Registry Policy Agent) - https://securera.edwardjones.com/policy/download_binary.php/win32/f5syschk.cab
    O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - C:\Users\Todd\AppData\Local\Temp\f5tmp\vdeskctrl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\Todd\AppData\Local\Temp\f5tmp\urxshost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\Todd\AppData\Local\Temp\f5tmp\urxhost.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - C:\Users\Todd\AppData\Local\Temp\f5tmp\f5syschk.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    --
    End of file - 8623 bytes
     
  9. 2010/01/12
    broni

    broni Moderator Malware Analyst

    Very well :)

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/01/12
    trosel238

    trosel238 Inactive Thread Starter

    Ok, here is the SUPERAntiSpyware log. I will run the Malwarebytes and HijackThis log next.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 01/12/2010 at 08:12 PM
    Application Version : 4.33.1000

    Core Rules Database Version : 4446
    Trace Rules Database Version: 2289

    Scan type : Complete Scan
    Total Scan Time : 01:23:37

    Memory items scanned : 287
    Memory threats detected : 0
    Registry items scanned : 6669
    Registry threats detected : 0
    File items scanned : 55166
    File threats detected : 667

    Adware.Tracking Cookie
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@247realmedia[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@2o7[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@a1.interclick[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ads.telegraph.co[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@at.atwola[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@cbs.112.2o7[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@dynamic.media.adrevolver[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@sitestat.mayoclinic[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@extrovert.122.2o7[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@foxinteractivemedia.122.2o7[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@he.valueclick[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@hitbox[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@jra.advertserve[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@imrworldwide[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@kontera[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@linksynergy[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@media.expedia[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@myroitracking[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@phg.hitbox[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@qnsr[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@randomhouse.122.2o7[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@sales.liveperson[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@sales.liveperson[3].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@sales.liveperson[4].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@snap9.advertserve[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@tribuneinteractive.122.2o7[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@usatoday1.112.2o7[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@waterfrontmedia.112.2o7[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@yadro[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@yieldmanager[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@yieldmanager[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@zedo[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@adrevolver[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@revsci[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@insightexpressai[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@adlegend[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@ad.yieldmanager[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@tribalfusion[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@www.burstnet[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@serving-sys[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@adopt.specificclick[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@revenue[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@www.burstbeacon[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@msnportal.112.2o7[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@ads.pointroll[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@adviva[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@tracking.foxnews[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@mediaplex[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@apmebf[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@adopt.euroclick[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@atwola[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@ar.atwola[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@femalefirst.co[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@fastclick[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@bs.serving-sys[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@247realmedia[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@2o7[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@atdmt[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@advertising[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@at.atwola[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@bluestreak[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@burstnet[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@casalemedia[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@collective-media[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@doubleclick[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@edge.ru4[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@imrworldwide[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@media.adrevolver[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@interclick[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@kontera[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@overture[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@questionmarket[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@realmedia[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@specificclick[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@specificmedia[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@statse.webtrendslive[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@tacoda[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@trafficmp[2].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@www.femalefirst.co[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@yieldmanager[1].txt
    C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\todd@zedo[2].txt
    .doubleclick.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .doubleclick.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    ad.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    ad.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    ad.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    ad.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    ad.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    ad.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    ad.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    ad.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .questionmarket.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .questionmarket.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .atdmt.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .content.yieldmanager.edgesuite.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .advertising.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .advertising.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .advertising.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .advertising.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .advertising.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .bluestreak.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .fastclick.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .fastclick.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .fastclick.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .fastclick.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .insightexpressai.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    media.fastclick.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .2o7.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .2o7.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .2o7.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .content.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .content.yieldmanager.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .realmedia.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .realmedia.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .realmedia.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .ads.pointroll.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .ads.pointroll.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .ads.pointroll.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .ads.pointroll.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .ads.pointroll.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .ads.pointroll.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .ads.pointroll.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .ads.pointroll.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .serving-sys.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .serving-sys.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .serving-sys.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .serving-sys.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .serving-sys.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .serving-sys.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .bs.serving-sys.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .adopt.euroclick.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .apmebf.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .avgtechnologies.112.2o7.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .trafficmp.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .trafficmp.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .trafficmp.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .trafficmp.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .trafficmp.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .media6degrees.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .media6degrees.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .media6degrees.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .media6degrees.com [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    .revsci.net [ C:\BACKUP\09-02-22 0413PM\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\z132grxs.default\cookies.txt ]
    C:\BACKUP\09-02-22 0413PM\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@content.yieldmanager[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@cdn4.specificclick[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ehg-myspaceinc.hitbox[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@content.yieldmanager[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@content.yieldmanager[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@tacoda[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@pointroll[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@www.gatorcountry[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@casalemedia[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@specificclick[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@beacon.dmsinsights[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@specificclick[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@insightexpressai[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@specificclick[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@specificclick[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@questionmarket[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@questionmarket[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@revsci[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@insightexpressai[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@nextag[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@insightexpressai[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@insightexpressai[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@revsci[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@hitbox[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@edge.ru4[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@oasn03.247realmedia[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@trvlnet.adbureau[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@lucidmedia[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@bet.burstnet[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ads.bridgetrack[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@pentonmedia.122.2o7[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@condenast.112.2o7[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@trvlnet.adbureau[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@oasn04.247realmedia[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@oasn04.247realmedia[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@oasn04.247realmedia[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@oasn04.247realmedia[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@tribalfusion[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@adinterax[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@adlegend[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@adinterax[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ad.yieldmanager[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ad.yieldmanager[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ad.yieldmanager[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@superstats[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ads.infinisource[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ads.addynamix[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@tribalfusion[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@theclickcheck[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@dc.tremormedia[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@overture[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@interclick[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@www.burstnet[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@serving-sys[5].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@serving-sys[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@serving-sys[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@serving-sys[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@www.burstnet[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@warnerbros.112.2o7[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@adserver.adtechus[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@adserver.adtechus[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ad.yieldmanager[6].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ad.yieldmanager[5].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ad.yieldmanager[7].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@parentingteens.about[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@dmtracker[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@www.burstbeacon[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@interclick[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@www.burstbeacon[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@www.burstnet[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@network.realmedia[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@msnportal.112.2o7[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@jibjab.112.2o7[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@advertising[11].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@tracking.foxnews[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ads.pointroll[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ads.pointroll[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@mediaforgews[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@tracking.foxnews[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@ads.vayama[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@allbritton.122.2o7[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@xiti[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@atdmt[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@media.photobucket[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@t.pointroll[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@azjmp[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@burstnet[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@burstnet[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@burstnet[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@burstnet[5].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@viacom.adbureau[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@s.clickability[1].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@burstnet[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@mediaplex[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@counter.surfcounters[2].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@mediaplex[3].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@247realmedia[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@mediaplex[4].txt
    C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Cookies\Low\todd@apmebf[2].txt
     
  11. 2010/01/12
    trosel238

    Here is the remainder of the SUPERAntiSpyware log. It was too large to fit into one message.

    I'm sorry. I'm making a mess of this post. This post should go behind the one following it. This is what remains of the SUPERAntiSpyware log that was too large to go into the last post.

     
  12. 2010/01/13
    trosel238

    Here is the Malwarebytes log and HijackThis log. Search engine web links are working fine.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3552
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18865

    1/13/2010 7:47:20 AM
    mbam-log-2010-01-13 (07-47-20).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 397018
    Time elapsed: 2 hour(s), 18 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:50:09 AM, on 1/13/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\msfeedssync.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\Todd\AppData\Local\Temp\f5tmp\f5tunsrv.cab
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Todd\AppData\Local\Temp\f5tmp\InstallerControl.cab
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/terminal/f5InspectionHost.cab
    O16 - DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} (F5 Networks Registry Policy Agent) - https://securera.edwardjones.com/policy/download_binary.php/win32/f5syschk.cab
    O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - C:\Users\Todd\AppData\Local\Temp\f5tmp\vdeskctrl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\Todd\AppData\Local\Temp\f5tmp\urxshost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\Todd\AppData\Local\Temp\f5tmp\urxhost.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - C:\Users\Todd\AppData\Local\Temp\f5tmp\f5syschk.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    --
    End of file - 8924 bytes
     
  13. 2010/01/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  14. 2010/01/13
    trosel238

    trosel238 Inactive Thread Starter

    Joined:
    2010/01/10
    Messages:
    8
    Likes Received:
    0
    The temp file cleaner program did not run properly on my computer. It freezes up and I have to use task manager to close it.
    Do I need to download the anti-virus program you are referring to? I have Avira on my system now.
    Also, the redirect problem appears to be fixed. Please advise. Thanks.
     
  15. 2010/01/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Close all visible windows. Exit all programs listed in systray/notification area (next to the clock) and try TFC again.

    As for Kaspersky, you don't download any AV program. You just download a small module, which allows Kaspersky to scan your machine.
     
