
Author Topic: Not sure what is going on  (Read 14887 times)


busymom

    Topic Starter


    Rookie
    • Experience: Beginner
    • OS: Windows XP
    Not sure what is going on
    « on: September 22, 2010, 02:03:44 PM »
    OK, my computer seems to be acting weird. I have no idea what is going on, to be honest. My virus protection is clean, infection free on Spyware Doctor. BUT it will freeze for no reason at all, and this has never happened before. I was downloading an update, and it froze. The mouse moved but everything was unclickable. I disabled my screensaver cause that was making it freeze, and it is not one of those download ones, this was the one that was already installed on my computer. Now, I will be upfront with you guys: yes, me and my hubby do go to porn sites sometimes. When we go to sites that we have always gone to, we never had a problem until a few weeks ago. Every time we go to those same sites now, they freeze up my computer. But the virus and Spyware Doctor says I am infection free.
    Here is my hijack log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:46:01 PM, on 9/22/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CSHelper.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070217
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070217
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [SmartDiarySuite4] C:\Program Files\Smart Diary Suite 4\SDS4.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9510 bytes


    THANK YOU FOR THE HELP!

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Not sure what is going on
    « Reply #1 on: September 23, 2010, 05:11:42 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    ************************************************
    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ****************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    Please leave the others unchecked

    • Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (preferably Notepad).
    • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and paste the log in your post.
    ***************************************
    Please download Malwarebytes Anti-Malware from here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    **********************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

    Windows 8 and Windows 10 dual boot with two SSD's
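    An added example, not part of SuperDave's post and not HijackThis code: a small Python parser for the HijackThis log format shown in the first post. It re-joins entries that a forum paste has wrapped across lines and lists the entries whose target ends in (no file) or (file missing), the marker shared by the three O2 entries selected in the reply above. The sample input is an excerpt of lines from that log; the function names are assumptions made for this example.

```python
import re

# A HijackThis entry starts with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def join_wrapped(text):
    """Return one string per log entry, re-joining wrapped continuation lines.

    Header lines and the process list come before the first entry and are
    skipped; the "--" / "End of file" trailer ends the log.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--" or line.startswith("End of file"):
            break
        if not line:
            continue
        if ENTRY_RE.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif current is not None:
            # Word-wrap breaks at a space, so restore it when joining.
            current += " " + line
    if current is not None:
        entries.append(current)
    return entries


def parse_log(text):
    """Parse a HijackThis log into dicts: section, body, clsid, orphan."""
    parsed = []
    for entry in join_wrapped(text):
        m = ENTRY_RE.match(entry)
        clsid = CLSID_RE.search(m["body"])
        orphan = ORPHAN_RE.search(m["body"])
        parsed.append({
            "section": m["section"],
            "body": m["body"],
            "clsid": clsid.group(0) if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
        })
    return parsed


def find_orphans(text):
    """Entries whose registered file no longer exists on disk."""
    return [e for e in parse_log(text) if e["orphan"]]


# Excerpt of the log from the first post, including one wrapped entry.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe

--
End of file - 9510 bytes
"""

if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        print(e["section"], e["clsid"], "->", e["orphan"])
```

    An entry flagged this way is a leftover registry reference rather than running code, so it is a cleanup candidate and not evidence of infection by itself.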

    busymom

      Topic Starter


      Rookie
      • Experience: Beginner
      • OS: Windows XP
      Re: Not sure what is going on
      « Reply #2 on: September 29, 2010, 10:56:46 AM »
      THANK YOU for helping me! Here are my logs:
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/29/2010 at 11:39 AM

      Application Version : 4.43.1000

      Core Rules Database Version : 5601
      Trace Rules Database Version: 3413

      Scan type       : Complete Scan
      Total Scan Time : 01:06:06

      Memory items scanned      : 508
      Memory threats detected   : 0
      Registry items scanned    : 8306
      Registry threats detected : 5
      File items scanned        : 33526
      File threats detected     : 941

      Adware.Gamevance
         HKU\S-1-5-21-1096188741-765046003-2518913026-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}
         HKCR\CLSID\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3}

      Disabled.SecurityCenterOption
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
         HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

      BearShare File Sharing Client
         C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
         C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\BEARSHARE.LNK
         C:\DOCUMENTS AND SETTINGS\PAUL_KARA\MY DOCUMENTS\BEARSHARE\BEARSHARE.EXE
         C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP689\A0105003.LNK

      Adware.Tracking Cookie
         .dumpaporn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.pornorama.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .pornorama.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .pornorama.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ads.adultadvertising.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .adbrite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .adbrite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         tsprotraffic.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ads2.vasmg.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .chitika.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .adbrite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .*adult URL* [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .videoporncity.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .videoporncity.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         openxxx.viragemedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .media6degrees.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .pornoxo.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .pornoxo.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.pornoxo.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.pornoxo.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .ads.sexinyourcity.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .ads.sexinyourcity.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         hornyteens4you.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .lfstmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .bonusporntube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .bonusporntube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         pornotubesite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .*adult URL* [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .imrworldwide.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .imrworldwide.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .invitemedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .invitemedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .thefind.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .thefind.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .thefind.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .thefind.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .thefind.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .invitemedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .invitemedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .invitemedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .invitemedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .adbrite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         server.iad.liveperson.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         server.iad.liveperson.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         rts.pgmediaserve.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .clicksor.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .clicksor.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .adcloudmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         bridge1.admarketplace.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .admarketplace.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ad.admediaprovider.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ad.admediaprovider.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .porngoliath.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .porngoliath.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .casalemedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .trafficmp.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ads1.adultadvertising.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .lucidmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .lucidmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .lucidmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.freshpornnews.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.freshpornnews.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.findit-quick.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .burstnet.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .find-me-now.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .interclick.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .interclick.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         kronos.bravenetmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .pornhost.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .pornhost.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .momsextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .momsextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ads.gamersmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ads.gamersmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .intermundomedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .burstnet.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         account.mycricket.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .media6degrees.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .momsexmovs.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .momsexmovs.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.olderporntube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.olderporntube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.xxxgamer.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .fishsexmovies.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .fishsexmovies.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.bannerdisplayserver.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         rotator.adjuggler.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         rotator.adjuggler.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .statcounter.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .crackle.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         xml.trafficengine.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.yawporntube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         adserving.cpxinteractive.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         adserving.cpxinteractive.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         r.unicornmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .adtech.de [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .megaporn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .megaporn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .paypal.112.2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .stats.paypal.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ads.keypromedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.trannypornsite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.trannypornsite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.shemalepornclips.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.offers-kitnmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.offers-kitnmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.bullporn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .banners.facebookofsex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .banners.facebookofsex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .pornhub.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .pornhub.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sexasporn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.fuckthisshemale.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.fuckthisshemale.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .linksynergy.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .linksynergy.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .linksynergy.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www5.addfreestats.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .elitemate.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .elitemate.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .cabarruscounty.us [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .cabarruscounty.us [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .stats.adbrite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.tubepornsearch.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.tubepornsearch.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .adbrite.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .statcounter.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.porn.sc [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .porn.sc [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .porn.sc [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.flash-porn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .flash-porn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .flash-porn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .sylvanlearning.112.2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .homemadesextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .homemadesextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .mofosex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .mofosex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .marketbanker.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .marketbanker.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .server.cpmstar.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .azjmp.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.streamsex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .streamsex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .streamsex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         pornorama.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         x.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sextube.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ads1.exgfnetwork.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         adserver.matchcraft.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         adserver.matchcraft.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         adserver.matchcraft.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.pornhub.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.pornhub.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.sunporno.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .porntown.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .porntown.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         megaporn2.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         megaporn2.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         megaporn2.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.pornonova.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.pornonova.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.porntsunami.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         www.porntsunami.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .accessvg.112.2o7.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .findtubes.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         .findtubes.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         server1.grand-slam-media.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         dc.tremormedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]
         ads2.adultadvertising.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\cookies.sqlite ]

      reddevilggg



        Expert

        Thanked: 69
      • Experience: Beginner
      • OS: Windows 7
      Re: Not sure what is going on
      « Reply #3 on: September 29, 2010, 12:26:13 PM »

      Try using WOT and you'll be flagged if your chosen site is dodgy

      https://www.mywot.com/

      This advice is in conjunction with SuperDave's help.  ;)
      11 cheers for binary !

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Not sure what is going on
      « Reply #4 on: September 29, 2010, 01:08:03 PM »
      I still need to see the MBAM and Security Check logs.
      Windows 8 and Windows 10 dual boot with two SSD's

      busymom

        Topic Starter


        Rookie
        • Experience: Beginner
        • OS: Windows XP
        Re: Not sure what is going on
        « Reply #5 on: September 29, 2010, 01:31:59 PM »
        I am sorry, guess the post was too long. Here you go:
        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4716

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        9/29/2010 12:56:13 PM
        mbam-log-2010-09-29 (12-56-13).txt

        Scan type: Full scan (A:\|C:\|)
        Objects scanned: 300599
        Time elapsed: 1 hour(s), 3 minute(s), 6 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 1
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 1
        Files Infected: 3

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Documents and Settings\All Users\Application Data\55541424 (Rogue.Multiple) -> Quarantined and deleted successfully.

        Files Infected:
        C:\Documents and Settings\HelpAssistant.DGVZPKC1\My Documents\Creative\Creative WebCam\WebCam Center\Theme\Default\WC_Frame_BG.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Paul_Kara\My Documents\Downloads\SetupPlaySushi(2).exe (Adware.Dropper) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Paul_Kara\My Documents\Downloads\SetupPlaySushi.exe (Adware.Dropper) -> Quarantined and deleted successfully.
         Results of screen317's Security Check version 0.99.5 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Enabled! 
         avast! Free Antivirus   
         Antivirus up to date! (On Access scanning disabled!)
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         CCleaner     
         AML Free Registry Cleaner 4.21
         Java(TM) 6 Update 15 
         Out of date Java installed!
         Adobe Flash Player 10.1.85.3 
        Adobe Reader 8.2.2
        Out of date Adobe Reader installed!
         Mozilla Firefox (3.6.10) Firefox Out of Date! 
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Malwarebytes' Anti-Malware mbam.exe 
         Alwil Software Avast5 AvastSvc.exe 
         Alwil Software Avast5 avastUI.exe 
        ````````````````````````````````
        DNS Vulnerability Check:

         GREAT! (Not vulnerable to DNS cache poisoning)

        ``````````End of Log````````````





        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Not sure what is going on
        « Reply #6 on: September 29, 2010, 01:40:25 PM »
          Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
        AML Free Registry Cleaner 4.21

        There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

        For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

        Further reading: XP Fixes Myth #1: Registry Cleaners
        ***********************************
        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        Rename ComboFix.exe to commy.exe before you save it to your Desktop
        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
        Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


        Click on Yes, to continue scanning for malware.
        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix
        Windows 8 and Windows 10 dual boot with two SSD's

        busymom

          Topic Starter


          Rookie
          • Experience: Beginner
          • OS: Windows XP
          Re: Not sure what is going on
          « Reply #7 on: September 29, 2010, 02:22:03 PM »
          ComboFix 10-09-28.03 - Paul_Kara 09/29/2010  16:07:42.1.2 - x86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1446 [GMT -4:00]
          Running from: c:\documents and settings\Paul_Kara\My Documents\Downloads\ComboFix.exe
          AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
          AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
          FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\documents and settings\HelpAssistant.DGVZPKC1\g2mdlhlpx.exe
          c:\documents and settings\HelpAssistant.DGVZPKC1\System
          c:\documents and settings\HelpAssistant.DGVZPKC1\System\win_qs8.jqx
          c:\documents and settings\HelpAssistant\System
          c:\documents and settings\HelpAssistant\System\win_qs8.jqx
          c:\documents and settings\Paul_Kara\g2mdlhlpx.exe
          c:\documents and settings\Paul_Kara\System
          c:\documents and settings\Paul_Kara\System\win_qs8.jqx
          c:\program files\Internet Explorer\SET160.tmp
          c:\program files\Internet Explorer\SET61C.tmp
          c:\program files\Internet Explorer\SET61D.tmp
          c:\program files\Internet Explorer\SET61F.tmp
          c:\program files\Internet Explorer\SET683.tmp
          c:\program files\Internet Explorer\SET684.tmp
          c:\program files\Internet Explorer\SET685.tmp
          c:\program files\Internet Explorer\SET9B.tmp
          c:\program files\Internet Explorer\SETA0.tmp
          c:\windows\system32\_000008_.tmp.dll
          c:\windows\system32\SET206.tmp
          c:\windows\TEMP\logishrd\LVPrcInj01.dll

          .
          (((((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-29  )))))))))))))))))))))))))))))))
          .

          2010-09-29 14:36 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2010-09-29 14:36 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2010-09-29 14:36 . 2010-09-29 14:36   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com
          2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2010-09-29 14:15 . 2010-09-29 14:15   --------   d-----w-   c:\documents and settings\Paul_Kara\Local Settings\Application Data\WinZip
          2010-09-23 21:42 . 2010-09-23 21:42   --------   d-----w-   c:\program files\AML Products
          2010-09-22 22:25 . 2010-09-22 22:25   --------   d-----w-   c:\windows\system32\Registry Patrol
          2010-09-22 22:25 . 2010-09-22 22:31   --------   d-----w-   c:\program files\Registry Patrol
          2010-09-22 19:45 . 2010-09-22 19:45   --------   d-----w-   c:\program files\Trend Micro
          2010-09-22 00:12 . 2010-09-22 00:12   --------   d-----w-   c:\program files\Windows Installer Clean Up
          2010-09-21 23:34 . 2010-09-21 23:34   --------   d-----w-   c:\program files\Apple Software Update
          2010-09-21 23:15 . 2010-09-21 23:15   --------   d-----w-   c:\program files\iPod
          2010-09-21 23:15 . 2010-09-21 23:16   --------   d-----w-   c:\program files\iTunes
          2010-09-21 23:15 . 2010-09-21 23:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
          2010-09-21 23:06 . 2010-09-21 23:06   --------   d-----w-   c:\program files\Bonjour
          2010-09-21 23:04 . 2010-09-21 23:05   --------   d-----w-   c:\program files\BearShare
          2010-09-21 10:29 . 2010-09-07 15:12   38848   ----a-w-   c:\windows\avastSS.scr
          2010-09-21 10:29 . 2010-09-21 10:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-09-29 14:21 . 2010-09-29 14:21   63488   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
          2010-09-29 14:21 . 2010-09-29 14:21   52224   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
          2010-09-29 14:21 . 2010-09-29 14:21   117760   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2010-09-29 14:15 . 2009-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
          2010-09-29 14:13 . 2008-10-22 16:45   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
          2010-09-29 14:13 . 2008-10-22 16:45   --------   d-----w-   c:\program files\Spyware Doctor
          2010-09-29 13:57 . 2007-02-17 22:52   264808   -c--a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2010-09-23 22:35 . 2010-02-03 21:04   --------   d-----w-   c:\program files\Eusing Free Registry Cleaner
          2010-09-22 19:45 . 2010-09-22 19:45   388096   ----a-r-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
          2010-09-22 11:31 . 2010-07-11 03:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
          2010-09-22 11:30 . 2009-01-23 18:39   --------   d-----w-   c:\program files\CCleaner
          2010-09-22 00:38 . 2009-04-19 13:14   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\Apple Computer
          2010-09-22 00:12 . 2010-09-22 00:12   3584   ----a-r-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
          2010-09-22 00:12 . 2008-11-30 23:30   --------   d-----w-   c:\program files\MSECache
          2010-09-21 23:15 . 2008-12-14 14:44   --------   d-----w-   c:\program files\Common Files\Apple
          2010-09-21 23:11 . 2008-10-22 02:06   --------   d-----w-   c:\program files\QuickTime
          2010-09-21 23:03 . 2010-09-21 23:03   73000   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
          2010-09-21 22:00 . 2009-08-14 15:38   --------   d-----w-   c:\program files\Smart Diary Suite 4
          2010-09-21 10:34 . 2008-10-26 13:56   --------   d-----w-   c:\program files\Alwil Software
          2010-09-07 15:11 . 2008-10-26 13:56   167592   ----a-w-   c:\windows\system32\aswBoot.exe
          2010-09-07 14:52 . 2008-10-26 13:56   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
          2010-09-07 14:52 . 2008-10-26 13:56   165584   ----a-w-   c:\windows\system32\drivers\aswSP.sys
          2010-09-07 14:47 . 2008-10-26 13:56   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
          2010-09-07 14:47 . 2008-10-26 13:56   100176   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
          2010-09-07 14:47 . 2008-10-26 13:56   94544   ----a-w-   c:\windows\system32\drivers\aswmon.sys
          2010-09-07 14:47 . 2008-10-26 13:56   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
          2010-09-07 14:46 . 2008-10-26 13:56   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
          2010-08-30 18:34 . 2010-09-22 19:37   1496064   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
          2010-08-30 18:33 . 2010-09-22 19:37   43008   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
          2010-08-30 18:33 . 2010-09-22 19:37   338944   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
          2010-08-30 18:33 . 2010-09-22 19:37   346112   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
          2010-08-17 13:17 . 2004-08-11 23:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
          2010-08-13 22:49 . 2009-01-06 19:14   --------   d-----w-   c:\program files\Yahoo!
          2010-08-13 22:49 . 2007-02-17 22:44   --------   d-----w-   c:\program files\Google
          2010-08-13 00:01 . 2010-08-13 00:01   --------   d-----w-   c:\program files\Defraggler
          2010-08-13 00:01 . 2010-08-13 00:01   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\Yahoo!
          2010-08-12 23:06 . 2007-02-17 22:43   --------   d-----w-   c:\program files\Microsoft.NET
          2010-07-27 22:44 . 2010-07-27 22:44   91424   ----a-w-   c:\windows\system32\dnssd.dll
          2010-07-27 22:44 . 2010-07-27 22:44   197920   ----a-w-   c:\windows\system32\dnssdX.dll
          2010-07-27 22:44 . 2010-07-27 22:44   107808   ----a-w-   c:\windows\system32\dns-sd.exe
          2010-07-22 15:49 . 2004-08-11 23:00   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
          2010-07-22 05:57 . 2009-04-17 02:37   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
          2008-12-29 11:52 . 2008-12-29 11:52   27976   -c--a-w-   c:\program files\mozilla firefox\plugins\atgpcdec.dll
          2008-12-29 11:52 . 2008-12-29 11:52   126360   -c--a-w-   c:\program files\mozilla firefox\plugins\atgpcext.dll
          2008-12-29 11:52 . 2008-12-29 11:52   46408   -c--a-w-   c:\program files\mozilla firefox\plugins\atmccli.dll
          2008-12-29 11:52 . 2008-12-29 11:52   98712   -c--a-w-   c:\program files\mozilla firefox\plugins\ieatgpc.dll
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-04-08 353736]
          "SmartDiarySuite4"="c:\program files\Smart Diary Suite 4\SDS4.exe" [2010-08-25 5220056]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
          "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
          "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
          "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
          2008-10-17 00:35   87352   ----a-w-   c:\windows\system32\LMIinit.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
          @=""

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
          backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
          backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
          backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
          backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
          2010-06-09 08:06   976832   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          2010-04-02 18:05   40368   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
          2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
          2006-08-29 03:57   395776   -c--a-w-   c:\program files\Dell Support\DSAgnt.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
          2005-06-23 22:31   53248   -c----w-   c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
          2006-02-19 06:41   49152   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
          2009-11-18 17:47   1243088   ----a-w-   c:\program files\Spyware Doctor\pctsTray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
          2004-07-27 22:50   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
          2010-09-01 12:32   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
          2008-08-14 21:15   2407184   -c--a-w-   c:\program files\Logitech\QuickCam\Quickcam.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
          2008-11-07 17:51   95536   -c--a-w-   c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          2010-08-10 09:15   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
          2009-10-09 21:47   25623336   ----a-r-   c:\program files\Skype\Phone\Skype.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDiarySuite4]
          2010-08-25 22:28   5220056   ----a-w-   c:\program files\Smart Diary Suite 4\SDS4.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
          2009-03-05 20:07   2260480   --sha-r-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          2009-07-25 09:23   149280   -c--a-w-   c:\program files\Java\jre6\bin\jusched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "avast! Mail Scanner"=3 (0x3)
          "SharedAccess"=2 (0x2)
          "Viewpoint Manager Service"=2 (0x2)
          "gusvc"=2 (0x2)

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
          "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
          "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
          "c:\\WINDOWS\\system32\\dpvsetup.exe"=
          "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
          "c:\\Documents and Settings\\Zack\\Local Settings\\Temp\\ImInstaller\\incredimail_installer.exe"=
          "c:\\Documents and Settings\\Paul_Kara\\My Documents\\BearShare\\BearShare.exe"=
          "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
          "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
          "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
          "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
          "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
          "c:\\Program Files\\BearShare\\BearShare.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\Program Files\\uTorrent\\uTorrent.exe"=
          "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
          "65533:TCP"= 65533:TCP:Services
          "52344:TCP"= 52344:TCP:Services
          "2744:TCP"= 2744:TCP:Services
          "2122:TCP"= 2122:TCP:Services
          "3389:TCP"= 3389:TCP:Remote Desktop
          "5493:TCP"= 5493:TCP:Services
          "9486:TCP"= 9486:TCP:Services
          "3973:TCP"= 3973:TCP:Services
          "6446:TCP"= 6446:TCP:Services
          "6551:TCP"= 6551:TCP:Services
          "6552:TCP"= 6552:TCP:Services
          "4255:TCP"= 4255:TCP:Services
          "7010:TCP"= 7010:TCP:Services

          R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/14/2009 12:47 PM 207792]
          R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/26/2008 9:56 AM 165584]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
          R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 7:25 PM 65536]
          R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/26/2008 9:56 AM 17744]
          R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [5/29/2009 9:01 AM 266240]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
          S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2/25/2009 12:13 PM 91830]
          S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/22/2008 12:45 PM 359624]
          S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 7:00 PM 14336]
          S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
          S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/21/2009 5:49 PM 24652]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          WINRM   REG_MULTI_SZ      WINRM
          .
          Contents of the 'Scheduled Tasks' folder

          2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

          2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{D1D147E5-2578-4F62-9C0E-265D823D9E95}.job
          - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.google.com/
          uInternet Settings,ProxyOverride = *.local
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          Trusted Zone: on-linetechnologies.com\olcc8
          Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          FF - ProfilePath - c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
          FF - prefs.js: browser.search.selectedEngine - qrobe.it
          FF - prefs.js: browser.startup.homepage - hxxp://www.kcm.org/
          FF - component: c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
          FF - plugin: c:\program files\Mozilla Firefox\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npperformeroptimum.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
          FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
          FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
          FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

          ---- FIREFOX POLICIES ----
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
          .
          - - - - ORPHANS REMOVED - - - -

          MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe



          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2010-09-29 16:13
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************

          Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

          device: opened successfully
          user: MBR read successfully
          called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x89BD178A]<<
          kernel: MBR read successfully
          detected MBR rootkit hooks:
          \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
          \Driver\ACPI -> ACPI.sys @ 0xb9f5fcb8
          \Driver\atapi -> ntkrnlpa.exe @ 0x80586e11
          IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
           ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
          \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
           ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
          NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x89c37b60
           PacketIndicateHandler -> NDIS.sys @ 0xb9ddda21
           SendHandler -> NDIS.sys @ 0xb9dbb87b
          copy of MBR has been found in sector 0x012A050FC
          malicious code @ sector 0x012A050FF !
          PE file found in sector at 0x012A05115 !
          MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

          **************************************************************************
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------

          [HKEY_USERS\S-1-5-21-1096188741-765046003-2518913026-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1AA76D0A-93E2-58EB-4BF9-030E4DCBC034}*]
          @Allowed: (Read) (RestrictedCode)
          @Allowed: (Read) (RestrictedCode)
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(560)
          c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          c:\windows\system32\WININET.dll
          c:\windows\system32\LMIinit.dll
          c:\windows\system32\LMIRfsClientNP.dll

          - - - - - - - > 'explorer.exe'(6600)
          c:\windows\system32\WININET.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\Ati2evxx.exe
          c:\program files\Alwil Software\Avast5\AvastSvc.exe
          c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\program files\Java\jre6\bin\jqs.exe
          c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          c:\program files\Microsoft ActiveSync\wcescomm.exe
          c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          c:\program files\Common Files\Motive\McciCMService.exe
          c:\progra~1\MI3AA1~1\rapimgr.exe
          c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          c:\windows\system32\HPZipm12.exe
          c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          c:\program files\IncrediMail\bin\IMApp.exe
          .
          **************************************************************************
          .
          Completion time: 2010-09-29  16:21:16 - machine was rebooted
          ComboFix-quarantined-files.txt  2010-09-29 20:21

          Pre-Run: 124,572,438,528 bytes free
          Post-Run: 124,647,206,912 bytes free

          WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          UnsupportedDebug="do not select this" /debug
          multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

          - - End Of File - - 245B15FF955A1EE7ED0FCBF3C78DE6EC

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Not sure what is going on
          « Reply #8 on: September 29, 2010, 05:52:34 PM »
          You have Viewpoint installed.

          Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

          More information:

          * ViewMgr.exe - Useless
          * Viewpoint to Plunge Into Adware

          It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

          * Viewpoint
          * Viewpoint Manager
          * Viewpoint Media Player
          * Viewpoint Toolbar
          * Viewpoint Experience Technology

          *********************************
          Re-running ComboFix to remove infections:

          • Close any open browsers.
          • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
          • Open notepad and copy/paste the text in the quotebox below into it:
            Quote
            KillAll::

            Folder::
            c:\program files\BearShare

          • Save this as CFScript.txt, in the same location as ComboFix.exe



          • Referring to the picture above, drag CFScript into ComboFix.exe
          • When finished, it shall produce a log for you at C:\ComboFix.txt
          • Please post the contents of the log in your next reply.

          ***********************************
          Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
          Enter the following into the black box, pressing Enter after each line:

          Code:
          cd desktop

          mbr.exe -f

          exit

          Post a log (MBR.log).
          Windows 8 and Windows 10 dual boot with two SSD's
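The MBR detector section of the ComboFix log posted earlier in the thread is what prompts the `mbr.exe -f` step above. As an added example (not part of the thread, and not ComboFix or Gmer code), this Python sketch pulls that section out of a log and lists what the detector itself reported; the function names are hypothetical and the sample text is the section as it was posted.

```python
import re

# The MBR detector section, copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x89BD178A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f5fcb8
\Driver\atapi -> ntkrnlpa.exe @ 0x80586e11
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x89c37b60
 PacketIndicateHandler -> NDIS.sys @ 0xb9ddda21
 SendHandler -> NDIS.sys @ 0xb9dbb87b
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
"""

HEADER = re.compile(r"^Stealth MBR rootkit/Mebroot/Sinowal detector (\S+)", re.M)
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
TARGET = re.compile(r"^(?:(?P<module>\S+) @ )?(?P<addr>0x[0-9A-Fa-f]+)$")
SECTOR = re.compile(r"^(copy of MBR|malicious code|PE file)\b.*?(0x[0-9A-Fa-f]+)")
FIX = re.compile(r'Use: "([^"]+)" to fix')


def extract_mbr_section(log_text):
    """Return the detector's section of a ComboFix log, or None if it is absent."""
    start = HEADER.search(log_text)
    if not start:
        return None
    end = log_text.find("\n*****", start.start())  # section ends at the next divider
    return log_text[start.start(): end if end != -1 else len(log_text)]


def parse_mbr_section(section):
    """Turn the section into structured findings, reporting only what the tool printed."""
    header = HEADER.search(section)
    result = {
        "version": header.group(1) if header else None,
        "called_modules": [], "unknown_modules": [],
        "hooks": [], "sectors": {}, "infected": False, "fix": None,
    }
    current_object = None
    for raw in section.splitlines():
        line = raw.strip()
        sector = SECTOR.match(line)
        if line.startswith("called modules:"):
            chain = line.split(":", 1)[1]
            result["unknown_modules"] = UNKNOWN.findall(chain)
            result["called_modules"] = UNKNOWN.sub("", chain).split()
        elif " -> " in line:
            parts = line.split(" -> ")
            target = TARGET.match(parts[-1])
            if not target:
                continue
            if raw[:1].isspace():
                # Indented line: another handler of the object named on a previous line.
                handler = parts[0]
            else:
                current_object = parts[0]
                handler = parts[1] if len(parts) == 3 else None
            result["hooks"].append({
                "object": current_object, "handler": handler,
                "module": target.group("module"), "address": target.group("addr"),
            })
        elif sector:
            result["sectors"][sector.group(1)] = int(sector.group(2), 16)
        elif "MBR rootkit infection detected" in line:
            result["infected"] = True
            fix = FIX.search(line)
            result["fix"] = fix.group(1) if fix else None
    return result


def handlers_without_module(findings):
    """Entries where the tool printed only an address and no owning module."""
    return [h for h in findings["hooks"] if h["module"] is None]


if __name__ == "__main__":
    findings = parse_mbr_section(extract_mbr_section(SAMPLE_LOG))
    print("detector version :", findings["version"])
    print("unknown modules  :", findings["unknown_modules"])
    for h in handlers_without_module(findings):
        print("no module printed:", h["object"], h["handler"], h["address"])
    for label, sector in findings["sectors"].items():
        print(f"{label:17}: sector {sector:#x}")
    print("infected         :", findings["infected"], "| suggested fix:", findings["fix"])
```

The same two functions can be run over the `MBR.log` requested above to compare the state before and after the fix.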

          busymom

            Topic Starter


            Rookie
            • Experience: Beginner
            • OS: Windows XP
            Re: Not sure what is going on
            « Reply #9 on: October 04, 2010, 07:44:48 AM »
            ComboFix 10-10-03.01 - Paul_Kara 10/04/2010   9:05.2.2 - x86
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1631 [GMT -4:00]
            Running from: c:\documents and settings\Paul_Kara\My Documents\Downloads\ComboFix.exe
            AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
            AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
            FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
            .

            (((((((((((((((((((((((((   Files Created from 2010-09-04 to 2010-10-04  )))))))))))))))))))))))))))))))
            .

            2010-09-29 14:36 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2010-09-29 14:36 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2010-09-29 14:36 . 2010-09-29 14:36   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2010-09-29 14:21 . 2010-09-29 14:21   63488   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
            2010-09-29 14:21 . 2010-09-29 14:21   52224   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
            2010-09-29 14:21 . 2010-09-29 14:21   117760   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
            2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com
            2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
            2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2010-09-29 14:15 . 2010-09-29 14:15   --------   d-----w-   c:\documents and settings\Paul_Kara\Local Settings\Application Data\WinZip
            2010-09-23 21:42 . 2010-09-23 21:42   --------   d-----w-   c:\program files\AML Products
            2010-09-22 22:25 . 2010-09-22 22:25   --------   d-----w-   c:\windows\system32\Registry Patrol
            2010-09-22 22:25 . 2010-09-22 22:31   --------   d-----w-   c:\program files\Registry Patrol
            2010-09-22 19:45 . 2010-09-22 19:45   388096   ----a-r-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
            2010-09-22 19:45 . 2010-09-22 19:45   --------   d-----w-   c:\program files\Trend Micro
            2010-09-22 19:37 . 2010-08-30 18:33   43008   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
            2010-09-22 19:37 . 2010-08-30 18:33   338944   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
            2010-09-22 19:37 . 2010-08-30 18:33   346112   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
            2010-09-22 19:37 . 2010-08-30 18:34   1496064   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
            2010-09-22 00:12 . 2010-09-22 00:12   3584   ----a-r-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
            2010-09-22 00:12 . 2010-09-22 00:12   --------   d-----w-   c:\program files\Windows Installer Clean Up
            2010-09-21 23:34 . 2010-09-21 23:34   --------   d-----w-   c:\program files\Apple Software Update
            2010-09-21 23:15 . 2010-09-21 23:15   --------   d-----w-   c:\program files\iPod
            2010-09-21 23:15 . 2010-09-21 23:16   --------   d-----w-   c:\program files\iTunes
            2010-09-21 23:15 . 2010-09-21 23:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
            2010-09-21 23:06 . 2010-09-21 23:06   --------   d-----w-   c:\program files\Bonjour
            2010-09-21 23:04 . 2010-09-21 23:05   --------   d-----w-   c:\program files\BearShare
            2010-09-21 23:03 . 2010-09-21 23:03   73000   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
            2010-09-21 10:29 . 2010-09-07 15:12   38848   ----a-w-   c:\windows\avastSS.scr
            2010-09-21 10:29 . 2010-09-21 10:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-10-04 12:53 . 2009-07-21 21:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
            2010-09-29 14:15 . 2009-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
            2010-09-29 14:13 . 2008-10-22 16:45   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
            2010-09-29 14:13 . 2008-10-22 16:45   --------   d-----w-   c:\program files\Spyware Doctor
            2010-09-29 13:57 . 2007-02-17 22:52   264808   -c--a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
            2010-09-23 22:35 . 2010-02-03 21:04   --------   d-----w-   c:\program files\Eusing Free Registry Cleaner
            2010-09-22 11:31 . 2010-07-11 03:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
            2010-09-22 11:30 . 2009-01-23 18:39   --------   d-----w-   c:\program files\CCleaner
            2010-09-22 00:38 . 2009-04-19 13:14   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\Apple Computer
            2010-09-22 00:12 . 2008-11-30 23:30   --------   d-----w-   c:\program files\MSECache
            2010-09-21 23:15 . 2008-12-14 14:44   --------   d-----w-   c:\program files\Common Files\Apple
            2010-09-21 23:11 . 2008-10-22 02:06   --------   d-----w-   c:\program files\QuickTime
            2010-09-21 22:00 . 2009-08-14 15:38   --------   d-----w-   c:\program files\Smart Diary Suite 4
            2010-09-21 10:34 . 2008-10-26 13:56   --------   d-----w-   c:\program files\Alwil Software
            2010-09-07 15:11 . 2008-10-26 13:56   167592   ----a-w-   c:\windows\system32\aswBoot.exe
            2010-09-07 14:52 . 2008-10-26 13:56   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
            2010-09-07 14:52 . 2008-10-26 13:56   165584   ----a-w-   c:\windows\system32\drivers\aswSP.sys
            2010-09-07 14:47 . 2008-10-26 13:56   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
            2010-09-07 14:47 . 2008-10-26 13:56   100176   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
            2010-09-07 14:47 . 2008-10-26 13:56   94544   ----a-w-   c:\windows\system32\drivers\aswmon.sys
            2010-09-07 14:47 . 2008-10-26 13:56   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
            2010-09-07 14:46 . 2008-10-26 13:56   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
            2010-08-17 13:17 . 2004-08-11 23:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
            2010-08-13 22:49 . 2009-01-06 19:14   --------   d-----w-   c:\program files\Yahoo!
            2010-08-13 22:49 . 2007-02-17 22:44   --------   d-----w-   c:\program files\Google
            2010-08-13 00:01 . 2010-08-13 00:01   --------   d-----w-   c:\program files\Defraggler
            2010-08-13 00:01 . 2010-08-13 00:01   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\Yahoo!
            2010-08-12 23:06 . 2007-02-17 22:43   --------   d-----w-   c:\program files\Microsoft.NET
            2010-07-27 22:44 . 2010-07-27 22:44   91424   ----a-w-   c:\windows\system32\dnssd.dll
            2010-07-27 22:44 . 2010-07-27 22:44   197920   ----a-w-   c:\windows\system32\dnssdX.dll
            2010-07-27 22:44 . 2010-07-27 22:44   107808   ----a-w-   c:\windows\system32\dns-sd.exe
            2010-07-22 15:49 . 2004-08-11 23:00   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
            2010-07-22 05:57 . 2009-04-17 02:37   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
            2008-12-29 11:52 . 2008-12-29 11:52   27976   -c--a-w-   c:\program files\mozilla firefox\plugins\atgpcdec.dll
            2008-12-29 11:52 . 2008-12-29 11:52   126360   -c--a-w-   c:\program files\mozilla firefox\plugins\atgpcext.dll
            2008-12-29 11:52 . 2008-12-29 11:52   46408   -c--a-w-   c:\program files\mozilla firefox\plugins\atmccli.dll
            2008-12-29 11:52 . 2008-12-29 11:52   98712   -c--a-w-   c:\program files\mozilla firefox\plugins\ieatgpc.dll
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-04-08 353736]
            "SmartDiarySuite4"="c:\program files\Smart Diary Suite 4\SDS4.exe" [2010-08-25 5220056]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
            "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
            "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
            "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
            2008-10-17 00:35   87352   ----a-w-   c:\windows\system32\LMIinit.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
            @=""

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
            @=""

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
            @=""

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
            backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
            backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
            backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
            backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
            2010-06-09 08:06   976832   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
            2010-04-02 18:05   40368   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
            2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
            2006-08-29 03:57   395776   -c--a-w-   c:\program files\Dell Support\DSAgnt.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
            2005-06-23 22:31   53248   -c----w-   c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
            2006-02-19 06:41   49152   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
            2009-11-18 17:47   1243088   ----a-w-   c:\program files\Spyware Doctor\pctsTray.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
            2004-07-27 22:50   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
            2010-09-01 12:32   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
            2008-08-14 21:15   2407184   -c--a-w-   c:\program files\Logitech\QuickCam\Quickcam.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
            2008-11-07 17:51   95536   -c--a-w-   c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            2010-08-10 09:15   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
            2009-10-09 21:47   25623336   ----a-r-   c:\program files\Skype\Phone\Skype.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDiarySuite4]
            2010-08-25 22:28   5220056   ----a-w-   c:\program files\Smart Diary Suite 4\SDS4.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
            2009-03-05 20:07   2260480   --sha-r-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
            2009-07-25 09:23   149280   -c--a-w-   c:\program files\Java\jre6\bin\jusched.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "avast! Mail Scanner"=3 (0x3)
            "SharedAccess"=2 (0x2)
            "Viewpoint Manager Service"=2 (0x2)
            "gusvc"=2 (0x2)

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
            "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
            "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
            "c:\\WINDOWS\\system32\\dpvsetup.exe"=
            "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
            "c:\\Documents and Settings\\Zack\\Local Settings\\Temp\\ImInstaller\\incredimail_installer.exe"=
            "c:\\Documents and Settings\\Paul_Kara\\My Documents\\BearShare\\BearShare.exe"=
            "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
            "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
            "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
            "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
            "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
            "c:\\Program Files\\BearShare\\BearShare.exe"=
            "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=
            "c:\\Program Files\\uTorrent\\uTorrent.exe"=
            "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
            "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
            "65533:TCP"= 65533:TCP:Services
            "52344:TCP"= 52344:TCP:Services
            "2744:TCP"= 2744:TCP:Services
            "2122:TCP"= 2122:TCP:Services
            "3389:TCP"= 3389:TCP:Remote Desktop
            "5493:TCP"= 5493:TCP:Services
            "9486:TCP"= 9486:TCP:Services
            "3973:TCP"= 3973:TCP:Services
            "6446:TCP"= 6446:TCP:Services
            "6551:TCP"= 6551:TCP:Services
            "6552:TCP"= 6552:TCP:Services
            "4255:TCP"= 4255:TCP:Services
            "7010:TCP"= 7010:TCP:Services
            "4614:TCP"= 4614:TCP:Services
            "7728:TCP"= 7728:TCP:Services

            R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/14/2009 12:47 PM 207792]
            R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/26/2008 9:56 AM 165584]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
            R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 7:25 PM 65536]
            R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/26/2008 9:56 AM 17744]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
            S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [5/29/2009 9:01 AM 266240]
            S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2/25/2009 12:13 PM 91830]
            S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/22/2008 12:45 PM 359624]
            S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 7:00 PM 14336]
            S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            WINRM   REG_MULTI_SZ      WINRM
            .
            Contents of the 'Scheduled Tasks' folder

            2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

            2010-10-04 c:\windows\Tasks\User_Feed_Synchronization-{D1D147E5-2578-4F62-9C0E-265D823D9E95}.job
            - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.com/
            uInternet Settings,ProxyOverride = *.local
            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            Trusted Zone: on-linetechnologies.com\olcc8
            Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
            FF - ProfilePath - c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\
            FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
            FF - prefs.js: browser.search.selectedEngine - qrobe.it
            FF - prefs.js: browser.startup.homepage - hxxp://www.kcm.org/
            FF - component: c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
            FF - plugin: c:\program files\Mozilla Firefox\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npperformeroptimum.dll
            FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
            FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
            FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
            FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
            FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
            FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

            ---- FIREFOX POLICIES ----
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
            c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
            c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
            .

            Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

            device: opened successfully
            user: MBR read successfully
            called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x89BA878A]<<
            kernel: MBR read successfully
            detected MBR rootkit hooks:
            \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
            \Driver\ACPI -> ACPI.sys @ 0xb9f5fcb8
            \Driver\atapi -> ntkrnlpa.exe @ 0x80586e11
            IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
             ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
            \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
             ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
            NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x89c0eb60
             PacketIndicateHandler -> NDIS.sys @ 0xb9ddda21
             SendHandler -> NDIS.sys @ 0xb9dbb87b
            copy of MBR has been found in sector 0x012A050FC
            malicious code @ sector 0x012A050FF !
            PE file found in sector at 0x012A05115 !
            MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_USERS\S-1-5-21-1096188741-765046003-2518913026-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1AA76D0A-93E2-58EB-4BF9-030E4DCBC034}*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(556)
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            c:\windows\system32\WININET.dll
            c:\windows\system32\LMIinit.dll
            c:\windows\system32\LMIRfsClientNP.dll
            .
            Completion time: 2010-10-04  09:14:43
            ComboFix-quarantined-files.txt  2010-10-04 13:14
            ComboFix2.txt  2010-09-29 20:21

            Pre-Run: 124,585,431,040 bytes free
            Post-Run: 124,578,684,928 bytes free

            - - End Of File - - 01C09B4147A6B3132C5FDDCD062AA6FD


            Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

            device: opened successfully
            user: MBR read successfully
            kernel: MBR read successfully
            copy of MBR has been found in sector 0x012A050FC
            malicious code @ sector 0x012A050FF !
            PE file found in sector at 0x012A05115 !
            MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
            original MBR restored successfully !

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Experience: Expert
            • OS: Windows 10
            Re: Not sure what is going on
            « Reply #10 on: October 04, 2010, 04:19:14 PM »
            You did do as instructed in Reply #8. Please run the ComboFix script as instructed.

            * Download the following tool: RootRepeal - Rootkit Detector
            * Direct download link is here: RootRepeal.zip

            * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
            * Click this link to see a list of such programs and how to disable them.

            * Extract the program file to a new folder such as C:\RootRepeal
            * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
            * Select ALL of the checkboxes and then click OK and it will start scanning your system.
            * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
            * When done, click on Save Report
            * Save it to the same location where you ran it from, such as C:\RootRepeal
            * Save it as rootrepeal.txt
            * Then open that log and select all and copy/paste it back on your next reply please.
            * Close RootRepeal.
            Windows 8 and Windows 10 dual boot with two SSD's

            busymom

              Topic Starter


              Rookie
              • Experience: Beginner
              • OS: Windows XP
              Re: Not sure what is going on
              « Reply #11 on: October 04, 2010, 05:59:14 PM »
              ROOTREPEAL (c) AD, 2007-2009
              ==================================================
              Scan Start Time:      2010/10/04 19:39
              Program Version:      Version 1.3.5.0
              Windows Version:      Windows XP SP3
              ==================================================

              Drivers
              -------------------
              Name: dump_atapi.sys
              Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
              Address: 0xA8DAC000   Size: 98304   File Visible: No   Signed: -
              Status: -

              Name: dump_WMILIB.SYS
              Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
              Address: 0xBA60E000   Size: 8192   File Visible: No   Signed: -
              Status: -

              Name: Ntfs.sys
              Image Path: Ntfs.sys
              Address: 0xB9DE8000   Size: 574976   File Visible: -   Signed: -
              Status: Hidden from the Windows API!

              Name: rootrepeal.sys
              Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
              Address: 0xA6185000   Size: 49152   File Visible: No   Signed: -
              Status: -

              Name: tcpip.sys
              Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
              Address: 0xA8FE0000   Size: 361600   File Visible: -   Signed: -
              Status: Hidden from the Windows API!

              SSDT
              -------------------
              #: 025   Function Name: NtClose
              Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8dcccf0

              #: 041   Function Name: NtCreateKey
              Status: Hooked by "PCTCore.sys" at address 0xb9ecae52

              #: 047   Function Name: NtCreateProcess
              Status: Hooked by "PCTCore.sys" at address 0xb9eabcde

              #: 048   Function Name: NtCreateProcessEx
              Status: Hooked by "PCTCore.sys" at address 0xb9eabed0

              #: 063   Function Name: NtDeleteKey
              Status: Hooked by "PCTCore.sys" at address 0xb9ecb640

              #: 065   Function Name: NtDeleteValueKey
              Status: Hooked by "PCTCore.sys" at address 0xb9ecb8f4

              #: 068   Function Name: NtDuplicateObject
              Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8dcc782

              #: 119   Function Name: NtOpenKey
              Status: Hooked by "PCTCore.sys" at address 0xb9ec9b44

              #: 122   Function Name: NtOpenProcess
              Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8dcc6c2

              #: 128   Function Name: NtOpenThread
              Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8dcc726

              #: 177   Function Name: NtQueryValueKey
              Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8dccda6

              #: 192   Function Name: NtRenameKey
              Status: Hooked by "PCTCore.sys" at address 0xb9ecbd60

              #: 204   Function Name: NtRestoreKey
              Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8dccd66

              #: 247   Function Name: NtSetValueKey
              Status: Hooked by "PCTCore.sys" at address 0xb9ecb112

              #: 257   Function Name: NtTerminateProcess
              Status: Hooked by "PCTCore.sys" at address 0xb9eab984

              #: 277   Function Name: NtWriteVirtualMemory
              Status: Hooked by "C:\WINDOWS\system32\drivers\iksysflt.sys" at address 0xa90a6384

              ==EOF==

              I THINK I ran ComboFix correctly this time :)

              ComboFix 10-10-03.01 - Paul_Kara 10/04/2010  19:46:24.3.2 - x86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1402 [GMT -4:00]
              Running from: c:\documents and settings\Paul_Kara\My Documents\Downloads\ComboFix.exe
              Command switches used :: c:\documents and settings\Paul_Kara\My Documents\CFScript.txt
              AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
              AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
              FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\program files\BearShare
              c:\program files\BearShare\BearShare.dat
              c:\program files\BearShare\BearShare.exe
              c:\program files\BearShare\BSidle.dll
              c:\program files\BearShare\db\connect.txt
              c:\program files\BearShare\db\library.2.db-journal
              c:\program files\BearShare\db\library.2.db
              c:\program files\BearShare\db\library.2.db.lastgoodload.bak
              c:\program files\BearShare\db\library.db
              c:\program files\BearShare\db\library.db.lastgoodload.bak
              c:\program files\BearShare\FreePeers.ini
              c:\program files\BearShare\History.txt
              c:\program files\BearShare\INSTALL.LOG
              c:\program files\BearShare\Logs\hosts-state.txt
              c:\program files\BearShare\Logs\memory.txt
              c:\program files\BearShare\Logs\ordinal.txt
              c:\program files\BearShare\Logs\streams.txt
              c:\program files\BearShare\RunMSC.dll
              c:\program files\BearShare\sounds\notify.wav
              c:\program files\BearShare\UNWISE.EXE
              c:\program files\BearShare\Webstats.bat
              c:\program files\BearShare\Webstats.exe
              c:\program files\BearShare\Webstats.ini

              .
              (((((((((((((((((((((((((   Files Created from 2010-09-04 to 2010-10-04  )))))))))))))))))))))))))))))))
              .

              2010-10-04 23:53 . 2010-10-04 23:53   14456   ----atw-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\mjcriu.dll
              2010-10-04 23:53 . 2010-10-04 23:53   16448   ----atw-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\rsaadjd.dll
              2010-10-04 23:53 . 2010-10-04 23:53   16448   ----atw-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\kfgresk.dll
              2010-10-04 23:53 . 2010-10-04 23:53   12352   ----atw-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\peaadje.dll
              2010-10-04 23:53 . 2010-10-04 23:53   17472   ----atw-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\1eaadjc.dll
              2010-10-04 23:53 . 2010-10-04 23:53   28760   ----atw-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\qwadjb.dll
              2010-10-04 23:53 . 2010-10-04 23:54   18724   ----atw-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\bass.dll
              2010-10-04 14:08 . 2010-10-04 14:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\PhotoMail
              2010-10-04 14:08 . 2010-10-04 14:08   --------   d-----w-   c:\program files\PhotoMail Maker
              2010-09-29 14:36 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2010-09-29 14:36 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2010-09-29 14:36 . 2010-09-29 14:36   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2010-09-29 14:21 . 2010-09-29 14:21   63488   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
              2010-09-29 14:21 . 2010-09-29 14:21   52224   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
              2010-09-29 14:21 . 2010-09-29 14:21   117760   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
              2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\SUPERAntiSpyware.com
              2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
              2010-09-29 14:20 . 2010-09-29 14:20   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2010-09-29 14:15 . 2010-10-04 23:36   --------   d-----w-   c:\documents and settings\Paul_Kara\Local Settings\Application Data\WinZip
              2010-09-23 21:42 . 2010-09-23 21:42   --------   d-----w-   c:\program files\AML Products
              2010-09-22 22:25 . 2010-09-22 22:25   --------   d-----w-   c:\windows\system32\Registry Patrol
              2010-09-22 22:25 . 2010-09-22 22:31   --------   d-----w-   c:\program files\Registry Patrol
              2010-09-22 19:45 . 2010-09-22 19:45   388096   ----a-r-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
              2010-09-22 19:45 . 2010-09-22 19:45   --------   d-----w-   c:\program files\Trend Micro
              2010-09-22 19:37 . 2010-08-30 18:33   43008   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
              2010-09-22 19:37 . 2010-08-30 18:33   338944   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
              2010-09-22 19:37 . 2010-08-30 18:33   346112   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
              2010-09-22 19:37 . 2010-08-30 18:34   1496064   ----a-w-   c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
              2010-09-22 00:12 . 2010-09-22 00:12   3584   ----a-r-   c:\documents and settings\Paul_Kara\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
              2010-09-22 00:12 . 2010-09-22 00:12   --------   d-----w-   c:\program files\Windows Installer Clean Up
              2010-09-21 23:34 . 2010-09-21 23:34   --------   d-----w-   c:\program files\Apple Software Update
              2010-09-21 23:15 . 2010-09-21 23:15   --------   d-----w-   c:\program files\iPod
              2010-09-21 23:15 . 2010-09-21 23:16   --------   d-----w-   c:\program files\iTunes
              2010-09-21 23:15 . 2010-09-21 23:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
              2010-09-21 23:06 . 2010-09-21 23:06   --------   d-----w-   c:\program files\Bonjour
              2010-09-21 23:03 . 2010-09-21 23:03   73000   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
              2010-09-21 10:29 . 2010-09-07 15:12   38848   ----a-w-   c:\windows\avastSS.scr
              2010-09-21 10:29 . 2010-09-21 10:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Alwil Software

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-10-04 12:53 . 2009-07-21 21:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
              2010-09-29 14:15 . 2009-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
              2010-09-29 14:13 . 2008-10-22 16:45   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
              2010-09-29 14:13 . 2008-10-22 16:45   --------   d-----w-   c:\program files\Spyware Doctor
              2010-09-29 13:57 . 2007-02-17 22:52   264808   -c--a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              2010-09-23 22:35 . 2010-02-03 21:04   --------   d-----w-   c:\program files\Eusing Free Registry Cleaner
              2010-09-22 11:31 . 2010-07-11 03:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
              2010-09-22 11:30 . 2009-01-23 18:39   --------   d-----w-   c:\program files\CCleaner
              2010-09-22 00:38 . 2009-04-19 13:14   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\Apple Computer
              2010-09-22 00:12 . 2008-11-30 23:30   --------   d-----w-   c:\program files\MSECache
              2010-09-21 23:15 . 2008-12-14 14:44   --------   d-----w-   c:\program files\Common Files\Apple
              2010-09-21 23:11 . 2008-10-22 02:06   --------   d-----w-   c:\program files\QuickTime
              2010-09-21 22:00 . 2009-08-14 15:38   --------   d-----w-   c:\program files\Smart Diary Suite 4
              2010-09-21 10:34 . 2008-10-26 13:56   --------   d-----w-   c:\program files\Alwil Software
              2010-09-07 15:11 . 2008-10-26 13:56   167592   ----a-w-   c:\windows\system32\aswBoot.exe
              2010-09-07 14:52 . 2008-10-26 13:56   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
              2010-09-07 14:52 . 2008-10-26 13:56   165584   ----a-w-   c:\windows\system32\drivers\aswSP.sys
              2010-09-07 14:47 . 2008-10-26 13:56   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
              2010-09-07 14:47 . 2008-10-26 13:56   100176   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
              2010-09-07 14:47 . 2008-10-26 13:56   94544   ----a-w-   c:\windows\system32\drivers\aswmon.sys
              2010-09-07 14:47 . 2008-10-26 13:56   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
              2010-09-07 14:46 . 2008-10-26 13:56   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
              2010-08-17 13:17 . 2004-08-11 23:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
              2010-08-13 22:49 . 2009-01-06 19:14   --------   d-----w-   c:\program files\Yahoo!
              2010-08-13 22:49 . 2007-02-17 22:44   --------   d-----w-   c:\program files\Google
              2010-08-13 00:01 . 2010-08-13 00:01   --------   d-----w-   c:\program files\Defraggler
              2010-08-13 00:01 . 2010-08-13 00:01   --------   d-----w-   c:\documents and settings\Paul_Kara\Application Data\Yahoo!
              2010-08-12 23:06 . 2007-02-17 22:43   --------   d-----w-   c:\program files\Microsoft.NET
              2010-07-27 22:44 . 2010-07-27 22:44   91424   ----a-w-   c:\windows\system32\dnssd.dll
              2010-07-27 22:44 . 2010-07-27 22:44   197920   ----a-w-   c:\windows\system32\dnssdX.dll
              2010-07-27 22:44 . 2010-07-27 22:44   107808   ----a-w-   c:\windows\system32\dns-sd.exe
              2010-07-22 15:49 . 2004-08-11 23:00   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
              2010-07-22 05:57 . 2009-04-17 02:37   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
              2008-12-29 11:52 . 2008-12-29 11:52   27976   -c--a-w-   c:\program files\mozilla firefox\plugins\atgpcdec.dll
              2008-12-29 11:52 . 2008-12-29 11:52   126360   -c--a-w-   c:\program files\mozilla firefox\plugins\atgpcext.dll
              2008-12-29 11:52 . 2008-12-29 11:52   46408   -c--a-w-   c:\program files\mozilla firefox\plugins\atmccli.dll
              2008-12-29 11:52 . 2008-12-29 11:52   98712   -c--a-w-   c:\program files\mozilla firefox\plugins\ieatgpc.dll
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-10-04 353736]
              "SmartDiarySuite4"="c:\program files\Smart Diary Suite 4\SDS4.exe" [2010-08-25 5220056]
              "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
              "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
              "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
              "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
              2008-10-17 00:35   87352   ----a-w-   c:\windows\system32\LMIinit.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
              @=""

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
              @=""

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
              @=""

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
              backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
              backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
              backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
              path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
              backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
              2010-06-09 08:06   976832   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
              2010-04-02 18:05   40368   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
              2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
              2006-08-29 03:57   395776   -c--a-w-   c:\program files\Dell Support\DSAgnt.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
              2005-06-23 22:31   53248   -c----w-   c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
              2006-02-19 06:41   49152   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
              2009-11-18 17:47   1243088   ----a-w-   c:\program files\Spyware Doctor\pctsTray.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
              2004-07-27 22:50   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
              2010-09-01 12:32   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
              2008-08-14 21:15   2407184   -c--a-w-   c:\program files\Logitech\QuickCam\Quickcam.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
              2008-11-07 17:51   95536   -c--a-w-   c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              2010-08-10 09:15   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
              2009-10-09 21:47   25623336   ----a-r-   c:\program files\Skype\Phone\Skype.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDiarySuite4]
              2010-08-25 22:28   5220056   ----a-w-   c:\program files\Smart Diary Suite 4\SDS4.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
              2009-03-05 20:07   2260480   --sha-r-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
              2009-07-25 09:23   149280   -c--a-w-   c:\program files\Java\jre6\bin\jusched.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "avast! Mail Scanner"=3 (0x3)
              "SharedAccess"=2 (0x2)
              "Viewpoint Manager Service"=2 (0x2)
              "gusvc"=2 (0x2)

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
              "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
              "c:\\WINDOWS\\system32\\dpvsetup.exe"=
              "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
              "c:\\Documents and Settings\\Zack\\Local Settings\\Temp\\ImInstaller\\incredimail_installer.exe"=
              "c:\\Documents and Settings\\Paul_Kara\\My Documents\\BearShare\\BearShare.exe"=
              "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
              "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
              "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
              "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
              "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=
              "c:\\Program Files\\uTorrent\\uTorrent.exe"=
              "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
              "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
              "65533:TCP"= 65533:TCP:Services
              "52344:TCP"= 52344:TCP:Services
              "2744:TCP"= 2744:TCP:Services
              "2122:TCP"= 2122:TCP:Services
              "3389:TCP"= 3389:TCP:Remote Desktop
              "5493:TCP"= 5493:TCP:Services
              "9486:TCP"= 9486:TCP:Services
              "3973:TCP"= 3973:TCP:Services
              "6446:TCP"= 6446:TCP:Services
              "6551:TCP"= 6551:TCP:Services
              "6552:TCP"= 6552:TCP:Services
              "4255:TCP"= 4255:TCP:Services
              "7010:TCP"= 7010:TCP:Services
              "4614:TCP"= 4614:TCP:Services
              "7728:TCP"= 7728:TCP:Services

              R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/14/2009 12:47 PM 207792]
              R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/26/2008 9:56 AM 165584]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
              R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 7:25 PM 65536]
              R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/26/2008 9:56 AM 17744]
              R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [5/29/2009 9:01 AM 266240]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
              S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2/25/2009 12:13 PM 91830]
              S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/22/2008 12:45 PM 359624]
              S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 7:00 PM 14336]
              S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              WINRM   REG_MULTI_SZ      WINRM
              .
              Contents of the 'Scheduled Tasks' folder

              2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

              2010-10-04 c:\windows\Tasks\User_Feed_Synchronization-{D1D147E5-2578-4F62-9C0E-265D823D9E95}.job
              - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.google.com/
              uInternet Settings,ProxyOverride = *.local
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              Trusted Zone: on-linetechnologies.com\olcc8
              Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
              FF - ProfilePath - c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
              FF - prefs.js: browser.search.selectedEngine - qrobe.it
              FF - prefs.js: browser.startup.homepage - hxxp://www.kcm.org/
              FF - component: c:\documents and settings\Paul_Kara\Application Data\Mozilla\Firefox\Profiles\osga25qf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
              FF - plugin: c:\program files\Mozilla Firefox\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npperformeroptimum.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
              FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
              FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

              ---- FIREFOX POLICIES ----
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
              .
              - - - - ORPHANS REMOVED - - - -

              AddRemove-BearShare - c:\progra~1\BEARSH~1\UNWISE.EXE


              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_USERS\S-1-5-21-1096188741-765046003-2518913026-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1AA76D0A-93E2-58EB-4BF9-030E4DCBC034}*]
              @Allowed: (Read) (RestrictedCode)
              @Allowed: (Read) (RestrictedCode)
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(488)
              c:\program files\SUPERAntiSpyware\SASWINLO.DLL
              c:\windows\system32\WININET.dll
              c:\windows\system32\LMIinit.dll
              c:\windows\system32\LMIRfsClientNP.dll

              - - - - - - - > 'explorer.exe'(7336)
              c:\windows\system32\WININET.dll
              c:\windows\TEMP\logishrd\LVPrcInj01.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\webcheck.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              c:\program files\SUPERAntiSpyware\SASSEH.DLL
              c:\progra~1\SPYBOT~1\SDHelper.dll
              c:\windows\System32\DLA\DLASHX_W.DLL
              c:\windows\system32\DLAAPI_W.DLL
              c:\windows\System32\DLA\DLACResW.dll
              c:\program files\Microsoft Office\OFFICE11\msohev.dll
              c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
              c:\windows\system32\LMIRfsClientNP.dll
              c:\windows\system32\wpdshext.dll
              c:\windows\system32\Audiodev.dll
              c:\windows\system32\WMVCore.DLL
              c:\windows\system32\WMASF.DLL
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\windows\system32\Ati2evxx.exe
              c:\program files\Alwil Software\Avast5\AvastSvc.exe
              c:\program files\Microsoft ActiveSync\wcescomm.exe
              c:\progra~1\MI3AA1~1\rapimgr.exe
              c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              c:\program files\Bonjour\mDNSResponder.exe
              c:\program files\Java\jre6\bin\jqs.exe
              c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              c:\program files\IncrediMail\bin\IMApp.exe
              c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              c:\program files\Common Files\Motive\McciCMService.exe
              c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              c:\windows\system32\HPZipm12.exe
              c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
              c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
              c:\program files\Symantec\LiveUpdate\AUpdate.exe
              c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              .
              **************************************************************************
              .
              Completion time: 2010-10-04  19:58:32 - machine was rebooted
              ComboFix-quarantined-files.txt  2010-10-04 23:58
              ComboFix2.txt  2010-10-04 13:14
              ComboFix3.txt  2010-09-29 20:21

              Pre-Run: 124,431,691,776 bytes free
              Post-Run: 124,495,597,568 bytes free

              - - End Of File - - 825820D685EB024E973DA7B8717FEA5F

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Not sure what is going on
              « Reply #12 on: October 05, 2010, 04:30:36 PM »
              How's your computer running now?

              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

              Windows 8 and Windows 10 dual boot with two SSD's

              busymom

                Re: Not sure what is going on
                « Reply #13 on: October 06, 2010, 05:10:33 PM »
                I just wanted to thank you for ALL your help! My computer works GREAT!! I can even start my work from home job as an inbound customer service agent thanks to you!!
                Thank you again!

                SuperDave

                Re: Not sure what is going on
                « Reply #14 on: October 07, 2010, 01:36:30 PM »
                Did you run the ESET scan? What were the results? I need to see this ESET scan log before I'll know that the computer is clean.