Author Topic: Scan Results  (Read 21674 times)

darthgaul

    Scan Results
    « on: April 15, 2011, 10:50:38 PM »
    Hi, I have noticed that a program tried to install whenever I go to a browser screen that requires a password or account number. I wonder if some sort of keylogger is trying to capture my information. I followed the steps and here are the results of my scans:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/15/2011 at 05:59 PM

    Application Version : 4.50.1002

    Core Rules Database Version : 6852
    Trace Rules Database Version: 4664

    Scan type       : Complete Scan
    Total Scan Time : 02:16:18

    Memory items scanned      : 499
    Memory threats detected   : 0
    Registry items scanned    : 6236
    Registry threats detected : 11
    File items scanned        : 148742
    File threats detected     : 1131

    Adware.Tracking Cookie
       .adlegend.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertisefirst.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .timeinc.122.2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .bs.serving-sys.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .beachstreetmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.addynamix.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       flagcounter.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .segainc.112.2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .legolas-media.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .legolas-media.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .legolas-media.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       in.getclicky.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adlegend.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .azjmp.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .azjmp.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .www.burstnet.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .a1.interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tracking.dsmmadvantage.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .statcounter.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .statcounter.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .leeenterprises.112.2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .s.clickability.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .doubleclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .a1.interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .trafficmp.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .trafficmp.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .content.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mediabrandsww.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .realmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .realmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       statse.webtrendslive.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .insightexpressai.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adinterax.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .overture.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .questionmarket.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .questionmarket.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .technoratimedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .technoratimedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .technoratimedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .technoratimedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .technoratimedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .technoratimedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .technoratimedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mm.chitika.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .smartadserver.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .smartadserver.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .smartadserver.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .smartadserver.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .xiti.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kontera.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .a1.interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .a1.interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .a1.interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .a1.interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .a1.interclick.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .smartadserver.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ext-us.bestofmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .at.atwola.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.at.atwola.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.at.atwola.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.at.atwola.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.at.atwola.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .at.atwola.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.at.atwola.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tacoda.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ar.atwola.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .mediaplex.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .eyewonder.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kontera.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kontera.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       test.coremetrics.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .lucidmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .content.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .realmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .realmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       pixel.invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .burstnet.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pro-market.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .pointroll.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .ads.pointroll.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .zedo.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .realmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .network.realmedia.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .r1-ads.ace.advertising.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .advertising.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .media6degrees.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .serving-sys.com [ C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
       C:\Documents and Settings\Guest\Cookies\guest@specificclick[1].txt
       asset2.countrylife.joyeurs.com [ C:\Documents and Settings\Kary\Application Data\Macromedia\Flash Player\#SharedObjects\SUTYC3K2 ]
       cdn4.specificclick.net [ C:\Documents and Settings\Kary\Application Data\Macromedia\Flash Player\#SharedObjects\SUTYC3K2 ]

    darthgaul

      Re: Scan Results
      « Reply #1 on: April 15, 2011, 10:57:04 PM »
      Looks like it got cut off...Results of Malwarebytes:

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 6372

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.13

      4/15/2011 9:23:41 PM
      mbam-log-2011-04-15 (21-23-41).txt

      Scan type: Quick scan
      Objects scanned: 212435
      Time elapsed: 14 minute(s), 19 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 3
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfioikex (Rogue.AntivirusSuite.Gen) -> Value: sfioikex -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfioikex (Rogue.AntivirusSuite.Gen) -> Value: sfioikex -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\documents and settings\Admin\local settings\Temp\CSMDD.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.


      darthgaul

        Re: Scan Results
        « Reply #2 on: April 15, 2011, 10:58:04 PM »
        And results of HJT

        Logfile of Trend Micro HijackThis v2.0.4
        Scan saved at 9:41:36 PM, on 4/15/2011
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.17096)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Tablet\Pen\Pen_TouchService.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Creative\Shared Files\CTAudSvc.exe
        C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\AVG\AVG10\avgwdsvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\CTsvcCDA.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Tablet\Pen\Pen_Tablet.exe
        C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
        C:\Program Files\AVG\AVG10\avgnsx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
        C:\WINDOWS\system32\dla\tfswctrl.exe
        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
        C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
        C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
        C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
        C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\AVG\AVG10\avgtray.exe
        C:\Program Files\Bamboo Dock\BambooCore.exe
        C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
        C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
        C:\WINDOWS\system32\CTHELPER.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Tablet\Pen\Pen_Tablet.exe
        C:\Program Files\DivX\DivX Update\DivXUpdate.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
        C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
        C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
        C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
        C:\PROGRA~1\AVG\AVG10\avgrsx.exe
        C:\Program Files\AVG\AVG10\avgcsrvx.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R3 - URLSearchHook: (no name) -  - (no file)
        R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
        O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
        O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

        darthgaul

          Re: Scan Results
          « Reply #3 on: April 15, 2011, 11:01:54 PM »
          Here is the end part of the Superspyware log, after what looks like a whole bunch of cookies. If you need more let me know.

          .mediabrandsww.com [ C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
             ad.yieldmanager.com [ C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
             ad.yieldmanager.com [ C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
             .revsci.net [ C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
             .revsci.net [ C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
             .revsci.net [ C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

          Browser Hijacker.Deskbar
             HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
             HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
             HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
             HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
             HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

          Rogue.AntivirusSoft
             HKU\S-1-5-21-854245398-1078145449-725345543-1006\Software\avsoft

          Malware.Trace
             C:\WINDOWS\HERJEK.CONFIG
             HKU\S-1-5-21-854245398-1078145449-725345543-1006\SOFTWARE\AVSUITE
             HKLM\SOFTWARE\AVSUITE
             HKLM\SOFTWARE\AVSOFT
             HKU\S-1-5-21-854245398-1078145449-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run#asam [ C:\Documents and Settings\Admin\Local Settings\Application Data\asam.exe ]
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run#asam [ C:\Documents and Settings\Admin\Local Settings\Application Data\asam.exe ]

          Trojan.Agent/Gen-Krpytik
             C:\RPG\D&D\D&D OLD\BLAZONS\DELDIR.EXE
             D:\RPG BACKUP\RPG\D20 STUFF\D&D OLD\BLAZONS\DELDIR.EXE


          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Scan Results
          « Reply #4 on: April 16, 2011, 06:44:11 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *****************************************************
          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
          * Open the Security Check folder and double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
          ******************************************************
          Download DDS from HERE or HERE and save it to your desktop.

          Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

          * XP users Double click on dds to run it.
          * If your antivirus or firewall tries to block DDS then please allow it to run.
          * When finished DDS will open two (2) logs.

          1) DDS.txt
          2) Attach.txt

          * Save both logs to your desktop.
          * Please copy and paste the entire contents of both logs in your next reply.

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copy and pasting it into the reply.
          Windows 8 and Windows 10 dual boot with two SSD's

          darthgaul

            Re: Scan Results
            « Reply #5 on: April 16, 2011, 09:02:35 PM »
             Results of screen317's Security Check version 0.99.10 
             Windows XP Service Pack 3 
             Internet Explorer 7 Out of date!
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Firewall Enabled! 
             AVG 2011     
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             Java(TM) 6 Update 24 
             Adobe Flash Player    10.2.153.1 
            Adobe Reader 7.0
            Out of date Adobe Reader installed!
             Mozilla Firefox (x86 en-US..)
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

             AVG avgwdsvc.exe
             AVG avgtray.exe
             AVG avgrsx.exe
             AVG avgnsx.exe
             AVG avgemc.exe
            ``````````End of Log````````````

            darthgaul

              Re: Scan Results
              « Reply #6 on: April 16, 2011, 09:26:14 PM »
              When I ran DDS it gave me the blue screen of death (dumping physical memory).  :(

              SuperDave

              Re: Scan Results
              « Reply #7 on: April 17, 2011, 12:29:00 PM »
              Ok. Let's try this:

              Download OTL to your desktop.

              * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
              * When the window appears, underneath Output at the top change it to Minimal Output.
              * Check the boxes beside LOP Check and Purity Check.
              * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

              When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

              Please copy and paste the contents of these files, one at a time, into your next reply.

              Note: You may need two or more posts to fit them all in.

              darthgaul

                Re: Scan Results
                « Reply #8 on: April 17, 2011, 06:54:57 PM »
                OK, that one worked. Here are the results:
                OTL logfile created on: 4/17/2011 5:46:52 PM - Run 1
                OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Admin\Desktop
                Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                Internet Explorer (Version = 7.0.5730.13)
                Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                 
                3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
                4.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
                Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
                 
                %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                Drive C: | 233.76 Gb Total Space | 161.43 Gb Free Space | 69.06% Space Free | Partition Type: NTFS
                Drive D: | 148.96 Gb Total Space | 72.96 Gb Free Space | 48.98% Space Free | Partition Type: NTFS
                 
                Computer Name: MATT | User Name: Admin | Logged in as Administrator.
                Boot Mode: Normal | Scan Mode: Current user
                Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                 
                ========== Processes (SafeList) ==========
                 
                PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
                PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
                PRC - C:\Program Files\Bamboo Dock\BambooCore.exe ()
                PRC - C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
                PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
                PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
                PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
                PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
                PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
                PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
                PRC - C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
                PRC - C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
                PRC - C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
                PRC - C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
                PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
                PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
                PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
                PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
                PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
                PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
                PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                PRC - C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
                PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
                PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
                PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
                PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
                 
                 
                ========== Modules (SafeList) ==========
                 
                MOD - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
                MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
                 
                 
                ========== Win32 Services (SafeList) ==========

                darthgaul

                  Re: Scan Results
                  « Reply #9 on: April 17, 2011, 06:56:24 PM »
                  ========== Win32 Services (SafeList) ==========
                   
                  SRV - (HidServ) --  File not found
                  SRV - (AppMgmt) --  File not found
                  SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
                  SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
                  SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
                  SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
                  SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
                  SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
                  SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
                  SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
                   
                   
                  ========== Driver Services (SafeList) ==========
                   
                  DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
                  DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
                  DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
                  DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
                  DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
                  DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
                  DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
                  DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
                  DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
                  DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
                  DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
                  DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
                  DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
                  DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                  DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
                  DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
                  DRV - (CTERFXFX) -- C:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd)
                  DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
                  DRV - (CTSBLFX) -- C:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd)
                  DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
                  DRV - (CTAUDFX) -- C:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd)
                  DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
                  DRV - (COMMONFX) -- C:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd)
                  DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                  DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
                  DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
                  DRV - (AR5211) -- C:\WINDOWS\system32\drivers\WG311T13.sys (Atheros Communications, Inc.)
                  DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
                  DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
                  DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
                  DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
                  DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
                  DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
                  DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
                  DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
                  DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
                  DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
                  DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
                   
                   
                  ========== Standard Registry (SafeList) ==========
                   
                   
                  ========== Internet Explorer ==========
                   
                  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
                   
                  IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
                  IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
                  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
                   
                  ========== FireFox ==========
                   
                   
                  FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 10:26:21 | 000,000,000 | ---D | M]
                  FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 02:16:04 | 000,000,000 | ---D | M]
                  FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
                   
                  [2011/04/02 02:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
                  [2011/04/15 21:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
                  [2011/04/15 21:32:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                  File not found (No name found) --
                  [2011/03/30 10:26:21 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
                  [2009/07/29 01:51:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
                  [2009/09/02 03:00:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
                  [2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
                  [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
                   
                  O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                  O1 - Hosts: 127.0.0.1       localhost
                  O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
                  O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
                  O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
                  O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
                  O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
                  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
                  O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
                  O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
                  O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
                  O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
                  O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
                  O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
                  O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
                  O4 - HKLM..\Run: [CTXFIREG]  File not found
                  O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
                  O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
                  O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
                  O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
                  O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
                  O4 - HKLM..\Run: [Turbine Download Manager Tray Icon]  File not found
                  O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
                  O4 - HKCU..\Run: [Bamboo Dock] C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
                  O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
                  O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
                  O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
                  O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
                  O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
                  O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
                  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                  O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
                  O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
                  O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
                  O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
                  O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                  O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
                  O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
                  O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
                  O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                  O32 - HKLM CDRom: AutoRun - 1
                  O32 - AutoRun File - [2009/05/20 14:37:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                  O33 - MountPoints2\{d10db90a-469b-11de-a7c5-b08aa94e5c38}\Shell\AutoRun\command - "" = K:\wd_windows_tools\setup.exe
                  O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                  O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
                  O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
                  O35 - HKLM\..comfile [open] -- "%1" %*
                  O35 - HKLM\..exefile [open] -- "%1" %*
                  O37 - HKLM\...com [@ = comfile] -- "%1" %*
                  O37 - HKLM\...exe [@ = exefile] -- "%1" %*

                  darthgaul

                    Re: Scan Results
                    « Reply #10 on: April 17, 2011, 06:57:07 PM »
                    ========== Files/Folders - Created Within 30 Days ==========
                     
                    [2011/04/17 17:44:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
                    [2011/04/17 13:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo
                    [2011/04/17 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
                    [2011/04/17 13:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
                    [2011/04/15 21:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
                    [2011/04/15 21:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\HiJackThis
                    [2011/04/15 21:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
                    [2011/04/15 21:32:22 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
                    [2011/04/15 21:32:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
                    [2011/04/15 21:32:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
                    [2011/04/15 21:32:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
                    [2011/04/15 21:29:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Shortcut to Malwarebytes' Anti-Malware
                    [2011/04/15 21:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
                    [2011/04/15 20:22:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
                    [2011/04/15 20:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\Malwarebytes' Anti-Malware
                    [2011/04/15 20:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
                    [2011/04/15 20:22:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
                    [2011/04/15 20:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
                    [2011/04/15 15:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                    [2011/04/15 15:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
                    [2011/04/15 15:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
                    [2011/04/15 15:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
                    [2011/04/12 16:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
                    [2011/04/12 15:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freedom Force
                    [2011/04/12 15:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Irrational Games
                    [2011/04/07 23:11:10 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32hda.dll
                    [2011/04/06 03:43:10 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco322090.dll
                    [2011/04/06 03:43:10 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322040.dll
                    [2011/04/06 02:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
                    [2011/04/06 02:42:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information
                    [2011/04/06 02:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
                    [2011/04/06 02:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
                    [2011/04/06 02:23:34 | 000,445,016 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
                    [2011/04/06 02:23:13 | 000,606,208 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctsblfx.dll
                    [2011/04/06 02:23:13 | 000,585,728 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctaudfx.dll
                    [2011/04/06 02:23:13 | 000,114,688 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\commonfx.dll
                    [2011/04/02 02:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
                    [2011/04/02 02:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
                    [2011/04/02 02:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
                    [2011/04/01 18:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\NVIDIA
                    [2011/04/01 18:31:54 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcohda.dll
                    [2011/04/01 18:31:54 | 000,100,456 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys
                    [2011/04/01 18:31:54 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll
                    [2011/03/28 16:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
                    [2010/03/18 19:18:32 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
                    [2010/03/18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
                    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                    [1 C:\*.tmp files -> C:\*.tmp -> ]
                     
                    ========== Files - Modified Within 30 Days ==========
                     
                    [2011/04/17 17:44:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
                    [2011/04/17 17:42:28 | 112,675,935 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
                    [2011/04/17 17:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
                    [2011/04/17 17:31:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004UA.job
                    [2011/04/17 17:06:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005UA.job
                    [2011/04/17 16:54:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006UA.job
                    [2011/04/17 14:31:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004Core.job
                    [2011/04/17 13:55:11 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
                    [2011/04/17 13:55:11 | 000,002,270 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
                    [2011/04/17 13:49:24 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
                    [2011/04/17 13:03:26 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
                    [2011/04/17 13:03:25 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
                    [2011/04/17 12:56:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
                    [2011/04/17 12:49:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                    [2011/04/17 04:09:25 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
                    [2011/04/17 04:09:25 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
                    [2011/04/17 04:09:25 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
                    [2011/04/17 04:09:25 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
                    [2011/04/17 04:09:25 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
                    [2011/04/17 04:09:25 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
                    [2011/04/17 04:09:25 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
                    [2011/04/17 04:09:25 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
                    [2011/04/16 20:06:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005Core.job
                    [2011/04/16 18:54:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006Core.job
                    [2011/04/15 21:41:10 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
                    [2011/04/15 20:22:58 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
                    [2011/04/15 15:35:30 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                    [2011/04/15 03:25:44 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                    [2011/04/15 03:07:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
                    [2011/04/15 03:06:27 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                    [2011/04/15 03:06:27 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                    [2011/04/12 16:00:55 | 000,000,510 | ---- | M] () -- C:\WINDOWS\eReg.dat
                    [2011/04/12 16:00:07 | 000,001,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freedom Force.lnk
                    [2011/04/08 22:14:04 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
                    [2011/04/08 22:14:04 | 000,001,477 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\DivX Movies.lnk
                    [2011/04/07 23:37:34 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
                    [2011/04/07 23:11:37 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
                    [2011/04/07 23:11:37 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
                    [2011/04/07 23:11:35 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
                    [2011/04/07 22:43:18 | 004,934,242 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20061102}.CDF
                    [2011/04/07 22:40:11 | 004,934,242 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20061102}.BAK
                    [2011/04/07 22:34:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                    [2011/04/06 02:23:34 | 000,445,016 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
                    [2011/04/06 02:23:34 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
                    [2011/04/04 23:57:45 | 000,077,450 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
                    [2011/04/02 02:16:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
                    [2011/04/01 18:29:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
                    [2011/04/01 11:44:20 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
                    [2011/03/30 10:26:21 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
                    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                    [1 C:\*.tmp files -> C:\*.tmp -> ]
                     
                    ========== Files Created - No Company Name ==========
                     
                    [2011/04/17 13:03:25 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
                    [2011/04/17 13:03:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
                    [2011/04/15 21:41:10 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
                    [2011/04/15 20:22:58 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
                    [2011/04/15 15:35:30 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
                    [2011/04/12 16:00:55 | 000,000,510 | ---- | C] () -- C:\WINDOWS\eReg.dat
                    [2011/04/12 16:00:07 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freedom Force.lnk
                    [2011/04/07 23:11:08 | 000,003,630 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
                    [2011/04/06 03:46:38 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
                    [2011/04/06 03:46:38 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
                    [2011/04/06 02:25:50 | 000,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
                    [2011/04/06 02:25:27 | 004,934,242 | ---- | C] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20061102}.BAK
                    [2011/04/06 02:24:27 | 004,934,242 | ---- | C] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20061102}.CDF
                    [2011/04/06 02:24:25 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
                    [2011/04/02 02:16:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
                    [2011/04/02 02:16:09 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
                    [2011/04/01 18:29:42 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
                    [2011/04/01 18:29:40 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
                    [2011/04/01 18:29:40 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
                    [2011/04/01 18:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
                    [2011/02/10 03:11:46 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
                    [2011/01/16 20:27:28 | 000,024,112 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
                    [2010/07/03 02:08:12 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
                    [2010/06/20 04:14:25 | 003,556,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                    [2010/06/18 21:32:46 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                    [2010/04/18 23:44:35 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
                    [2010/03/18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
                    [2010/03/18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
                    [2010/03/18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
                    [2010/03/18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
                    [2010/03/18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
                    [2010/03/18 19:07:54 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
                    [2010/03/18 19:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
                    [2010/03/18 19:02:14 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
                    [2010/03/18 19:00:42 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
                    [2010/03/18 19:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
                    [2010/03/18 19:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
                    [2010/03/18 18:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
                    [2010/03/18 18:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
                    [2010/03/18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
                    [2010/02/19 16:16:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7A.DLL
                    [2009/09/10 10:18:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
                    [2009/07/08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
                    [2009/05/24 00:06:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
                    [2009/05/23 13:44:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
                    [2009/05/20 18:25:19 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
                    [2009/05/20 18:25:19 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
                    [2009/05/20 18:19:04 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
                    [2009/05/20 18:19:03 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
                    [2009/05/20 18:19:01 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
                    [2009/05/20 18:18:22 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
                    [2009/05/20 18:18:17 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
                    [2009/05/20 18:18:12 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
                    [2009/05/20 18:17:21 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
                    [2009/05/20 18:08:17 | 000,057,836 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
                    [2009/05/20 18:08:17 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
                    [2009/05/20 18:08:17 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
                    [2009/05/20 18:08:17 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
                    [2009/05/20 18:08:17 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
                    [2009/05/20 18:08:17 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
                    [2009/05/20 18:08:17 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
                    [2009/05/20 18:08:17 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
                    [2009/05/20 18:08:17 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
                    [2009/05/20 18:08:17 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
                    [2009/05/20 18:08:17 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
                    [2009/05/20 18:08:17 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
                    [2009/05/20 18:08:17 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
                    [2009/05/20 18:08:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
                    [2009/05/20 18:03:44 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw52.bin
                    [2009/05/20 17:59:42 | 000,000,184 | ---- | C] () -- C:\WINDOWS\wininit.ini
                    [2009/05/20 14:40:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
                    [2009/05/20 14:35:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
                    [2009/05/20 07:30:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                    [2009/05/20 07:29:00 | 000,153,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                    [2008/09/17 23:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
                    [2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
                    [2005/04/19 15:59:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
                    [2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
                    [2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
                    [2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
                    [2004/08/04 05:00:00 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
                    [2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
                    [2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
                    [2004/08/04 05:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
                    [2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
                    [2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
                    [2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
                    [2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
                    [2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
                    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
                     
                    ========== LOP Check ==========
                     
                    [2010/09/14 21:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AdventureTools
                    [2010/10/20 10:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG10
                    [2009/05/20 18:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\EPSON
                    [2011/02/22 19:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Fantasy Grounds II
                    [2011/04/02 02:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
                    [2011/02/10 16:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Wacom
                    [2011/02/10 16:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
                    [2011/03/08 02:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
                    [2010/10/20 10:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
                    [2011/01/24 19:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
                    [2010/02/19 16:16:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
                    [2010/10/20 10:46:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
                    [2011/04/15 17:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
                    [2011/02/10 16:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wacom
                    [2010/02/11 05:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
                    [2009/06/19 15:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
                     
                    ========== Purity Check ==========
                     
                     

                    < End of report >

                    darthgaul

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: Scan Results
                      « Reply #11 on: April 17, 2011, 06:57:54 PM »
                      OTL Extras logfile created on: 4/17/2011 5:46:52 PM - Run 1
                      OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Admin\Desktop
                      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                      Internet Explorer (Version = 7.0.5730.13)
                      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                       
                      3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
                      4.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
                      Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
                       
                      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                      Drive C: | 233.76 Gb Total Space | 161.43 Gb Free Space | 69.06% Space Free | Partition Type: NTFS
                      Drive D: | 148.96 Gb Total Space | 72.96 Gb Free Space | 48.98% Space Free | Partition Type: NTFS
                       
                      Computer Name: MATT | User Name: Admin | Logged in as Administrator.
                      Boot Mode: Normal | Scan Mode: Current user
                      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                       
                      ========== Extra Registry (SafeList) ==========
                       
                       
                      ========== File Associations ==========
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                      .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                      .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
                       
                      [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                      .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
                       
                      ========== Shell Spawning ==========
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                      batfile [open] -- "%1" %*
                      cmdfile [open] -- "%1" %*
                      comfile [open] -- "%1" %*
                      cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
                      exefile [open] -- "%1" %*
                      InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
                      piffile [open] -- "%1" %*
                      regfile [merge] -- Reg Error: Key error.
                      scrfile [config] -- "%1"
                      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                      scrfile [open] -- "%1" /S
                      txtfile [edit] -- Reg Error: Key error.
                      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                      Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                      Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                       
                      ========== Security Center Settings ==========
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                      "FirstRunDisabled" = 1
                      "AntiVirusDisableNotify" = 0
                      "FirewallDisableNotify" = 0
                      "UpdatesDisableNotify" = 0
                      "AntiVirusOverride" = 0
                      "FirewallOverride" = 0
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                       
                      ========== System Restore Settings ==========
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                      "DisableSR" = 0
                       
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                      "Start" = 0
                       
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                      "Start" = 2
                       
                      ========== Firewall Settings ==========
                       
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                       
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
                      "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
                      "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
                      "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
                      "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
                       
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                       
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                      "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
                      "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
                      "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
                      "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
                      "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
                      "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
                      "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
                       
                      ========== Authorized Applications List ==========
                       
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                       
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                      "C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\7EUS9QBH\700_DDI_CB[1].exe" = C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\7EUS9QBH\700_DDI_CB[1].exe:*:Enabled:DD Insider -- ()
                      "C:\World of Warcraft\Launcher.exe" = C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
                      "D:\World of Warcraft\Launcher.exe" = D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
                      "D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
                      "D:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
                      "C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe" = C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe:*:Disabled:dndclient
                      "D:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
                      "D:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
                      "D:\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe" = D:\World of Warcraft\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe:*:Enabled:WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe -- (Blizzard Entertainment)
                      "C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService
                      "C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService
                      "D:\World of Warcraft\BackgroundDownloader.exe" = D:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader.exe
                      "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
                      "C:\Documents and Settings\Admin\Local Settings\Application Data\asam.exe" = C:\Documents and Settings\Admin\Local Settings\Application Data\asam.exe:*:Enabled:enable
                      "C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
                      "D:\World of Warcraft\Launcher.patch.exe" = D:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
                      "D:\World of Warcraft\Blizzard Downloader.exe" = D:\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
                      "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
                      "C:\Program Files\Fantasy Grounds II\FantasyGrounds.exe" = C:\Program Files\Fantasy Grounds II\FantasyGrounds.exe:*:Enabled:FantasyGrounds -- ()
                      "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
                      "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
                      "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
                      "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
                      "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
                      "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
                       
                       
                      ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                       
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                      "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
                      "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
                      "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
                      "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
                      "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
                      "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                      "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
                      "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
                      "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
                      "{25C11A11-C6AE-C717-41CA-3DA699F2A7B8}" = Bamboo Dock
                      "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 24
                      "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
                      "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
                      "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
                      "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                      "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
                      "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
                      "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
                      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                      "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
                      "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
                      "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
                      "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
                      "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                      "{6CF17881-3405-469E-9C04-BA1C10833C30}" = Castles & Crusades for Fantasy Grounds II
                      "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
                      "{75AD7D33-EF26-4609-9D8D-CBF7F9AC5E08}" = Freedom Force
                      "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                      "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
                      "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
                      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                      "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
                      "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
                      "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
                      "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
                      "{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
                      "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
                      "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
                      "{A4552E28-AF1D-4C3E-9991-8112F40265F4}" = Adventure Tools
                      "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
                      "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                      "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
                      "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
                      "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
                      "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
                      "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
                      "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
                      "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
                      "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
                      "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
                      "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
                      "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
                      "{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
                      "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
                      "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
                      "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
                      "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
                      "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
                      "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
                      "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                      "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                      "{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
                      "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
                      "{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
                      "{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
                      "{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
                      "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
                      "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
                      "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
                      "{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
                      "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
                      "Adobe AIR" = Adobe AIR
                      "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
                      "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                      "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
                      "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
                      "AudioCS" = Creative Audio Console
                      "AVG" = AVG 2011
                      "Bamboo Dock" = Bamboo Dock 3.3
                      "CANONBJ_Deinstall_CNMCP7A.DLL" = Canon iP5200R
                      "Champions Online" = Champions Online
                      "Counter Collection 4E Heroic 1 Token Pack" = FG2: Counter Collection 4E Heroic 1 Token Pack 1.0
                      "CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
                      "Creative Software AutoUpdate" = Creative Software AutoUpdate
                      "DivX Setup.divx.com" = DivX Setup
                      "EPSON Scanner" = EPSON Scan
                      "Fantasy Grounds II" = Fantasy Grounds II
                      "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                      "ie7" = Windows Internet Explorer 7
                      "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
                      "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                      "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
                      "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                      "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
                      "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                      "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                      "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
                      "P1-Realm of the Troll King Token Pack" = FG2: P1-Realm of the Troll King Token Pack 1.0
                      "Pen Tablet Driver" = Bamboo
                      "pepakura_viewer3en" = Pepakura Viewer 3
                      "Registry Easy_is1" = Registry Easy v5.6
                      "SEGAGenesisClassics" = SEGA Genesis Classics
                      "Silent Package Run-Time Sample" = EPSON Perf 3490 3590 Guide
                      "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
                      "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
                      "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
                      "WaveStudio 7" = Creative WaveStudio 7
                      "WIC" = Windows Imaging Component
                      "Windows Media Format Runtime" = Windows Media Format 11 runtime
                      "Windows Media Player" = Windows Media Player 11
                      "Windows XP Service Pack" = Windows XP Service Pack 3
                      "WMFDist11" = Windows Media Format 11 runtime
                      "wmp11" = Windows Media Player 11
                      "World of Warcraft" = World of Warcraft
                      "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

                      darthgaul

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Unknown
                        Re: Scan Results
                        « Reply #12 on: April 17, 2011, 06:58:34 PM »
                        ========== HKEY_CURRENT_USER Uninstall List ==========
                         
                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                        "Google Chrome" = Google Chrome
                         
                        ========== Last 10 Event Log Errors ==========
                         
                        [ Application Events ]
                        Error - 1/25/2011 6:00:27 PM | Computer Name = MATT | Source = Application Error | ID = 1000
                        Description = Faulting application fantasygrounds.exe, version 0.0.0.0, faulting
                         module fantasygrounds.exe, version 0.0.0.0, fault address 0x00005370.
                         
                        Error - 2/11/2011 6:17:34 PM | Computer Name = MATT | Source = Application Error | ID = 1000
                        Description = Faulting application fantasygrounds.exe, version 0.0.0.0, faulting
                         module fantasygrounds.exe, version 0.0.0.0, fault address 0x000493c7.
                         
                        Error - 2/28/2011 5:32:27 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
                        Description = Hanging application Bamboo Dock.exe, version 0.0.0.0, hang module
                        hungapp, version 0.0.0.0, hang address 0x00000000.
                         
                        Error - 2/28/2011 5:32:28 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
                        Description = Hanging application Bamboo Dock.exe, version 0.0.0.0, hang module
                        hungapp, version 0.0.0.0, hang address 0x00000000.
                         
                        Error - 3/2/2011 3:09:52 AM | Computer Name = MATT | Source = Application Error | ID = 1000
                        Description = Faulting application fantasygrounds.exe, version 0.0.0.0, faulting
                         module fantasygrounds.exe, version 0.0.0.0, fault address 0x0004ae00.
                         
                        Error - 3/10/2011 9:05:23 PM | Computer Name = MATT | Source = Application Error | ID = 1000
                        Description = Faulting application mech2.exe, version 0.0.0.0, faulting module mw2shell.dll,
                         version 1.1.0.0, fault address 0x0003e15e.
                         
                        Error - 3/25/2011 1:08:41 AM | Computer Name = MATT | Source = Application Error | ID = 1000
                        Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
                        wininet.dll, version 7.0.6000.17095, fault address 0x00022a90.
                         
                        Error - 3/29/2011 2:18:58 PM | Computer Name = MATT | Source = TabletServicePen | ID = 1
                        Description =
                         
                        Error - 4/9/2011 12:31:06 AM | Computer Name = MATT | Source = crypt32 | ID = 131080
                        Description = Failed auto update retrieval of third-party root list sequence number
                         from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
                         with error: A connection with the server could not be established 
                         
                        Error - 4/12/2011 7:49:16 PM | Computer Name = MATT | Source = Application Error | ID = 1000
                        Description = Faulting application fforce.exe, version 1.0.0.0, faulting module
                        standard.dll, version 0.0.0.0, fault address 0x00001683.
                         
                        [ System Events ]
                        Error - 4/17/2011 4:01:45 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:45 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:45 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:45 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:45 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:46 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:46 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:46 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:46 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                        Error - 4/17/2011 4:01:46 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
                        Description = The Application Management service terminated with the following error:
                           %%126
                         
                         
                        < End of report >

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Scan Results
                        « Reply #13 on: April 18, 2011, 12:30:02 PM »
                        Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
                        Registry Easy v5.6
                        There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                        For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                        Further reading: XP Fixes Myth #1: Registry Cleaners
                        *********************************************************
                        Please download ComboFix from BleepingComputer.com

                        Alternate link: GeeksToGo.com

                        and save it to your Desktop.
                        It would be easiest to download using Internet Explorer.
                        If you insist on using Firefox, make sure that your download settings are as follows:

                        * Tools->Options->Main tab
                        * Set to "Always ask me where to Save the files".

                        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
                        Double click ComboFix.exe & follow the prompts.
                        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                        Click on Yes, to continue scanning for malware.
                        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                        If you have problems with ComboFix usage, see How to use ComboFix

                        darthgaul

                          Re: Scan Results
                          « Reply #14 on: April 18, 2011, 02:21:58 PM »
                          OK, I tried running ComboFix and it said I needed to uninstall AVG2011. I tried disabling AVG using the instructions from above. But ComboFix came up with the message that it would not run unless AVG was uninstalled. I tried uninstalling AVG and an error came up and it didn't complete the uninstall. I saved the log but it's a cabinet file. I don't know how to access the information in that type of file. In fact I'm kind of scared that it's some type of virus or something.
                          So long story short, ComboFix won't run unless AVG is disabled it seems and I can't uninstall AVG 2011. The identity portion of AVG protection is now not working and cannot be fixed.

                          Is there something you saw in the above logs that you're trying to get rid of? I have noticed that the original reason I posted here (because I noticed that a program tried to run when I went to a banking login page) does not happen anymore.

                          SuperDave

                          Re: Scan Results
                          « Reply #15 on: April 18, 2011, 04:53:09 PM »
                          Sorry about that. Yes, AVG will have to be uninstalled. Please download and install one of the other free AV's from the list below. Microsoft Security Essentials is the easiest one to work with. Next, run the AVG Removal Tool below to get rid of AVG. Then run the ComboFix scan.

                          Looking over your log it seems you don't have any antivirus software.

                          Before we continue download and install a free antivirus.

                          Remember to only install one antivirus!
                           
                          1) Avast! Home Edition
                          2) AVG Free Edition
                          3) Avira AntiVir Personal
                          4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                          4-a) Microsoft Security Essentials for Windows XP
                          5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
                          6) PC Tools AntiVirus Free Edition

                          It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
                          ****************************************************
                          AVG Antivirus Remover utility

                          darthgaul

                            Re: Scan Results
                            « Reply #16 on: April 19, 2011, 01:05:29 AM »
                            OK, that worked. I installed Microsoft Essentials. Here is the log:
                            ComboFix 11-04-18.02 - Admin 04/18/2011  23:53:35.1.2 - x86
                            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2328 [GMT -7:00]
                            Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
                            AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                            .
                            .
                            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            c:\documents and settings\All Users\Application Data\Adobe Systems
                            c:\documents and settings\All Users\Application Data\Adobe Systems\Product licenses\B2B86000.dat
                            c:\documents and settings\Matthew\WINDOWS
                            C:\LHTC.tmp
                            c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
                            C:\Thumbs.db
                            .
                            .
                            (((((((((((((((((((((((((   Files Created from 2011-03-19 to 2011-04-19  )))))))))))))))))))))))))))))))
                            .
                            .
                            2011-04-19 06:25 . 2011-04-19 06:25   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F145977-E696-4293-96C0-6811DFE2C4F7}\MpKsl6736b89d.sys
                            2011-04-19 06:25 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F145977-E696-4293-96C0-6811DFE2C4F7}\mpengine.dll
                            2011-04-19 06:25 . 2010-10-19 20:51   222080   ------w-   c:\windows\system32\MpSigStub.exe
                            2011-04-19 06:23 . 2011-04-19 06:23   --------   d-----w-   c:\windows\LastGood
                            2011-04-19 06:22 . 2011-04-19 06:23   --------   d-----w-   c:\program files\Microsoft Security Client
                            2011-04-17 20:03 . 2011-04-17 20:03   --------   d-----w-   c:\program files\Ventrilo
                            2011-04-17 20:02 . 2011-04-17 20:02   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                            2011-04-16 04:41 . 2011-04-16 04:41   388096   ----a-r-   c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                            2011-04-16 04:33 . 2011-04-16 04:33   --------   d-----w-   c:\program files\Common Files\Java
                            2011-04-16 04:32 . 2011-02-03 04:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                            2011-04-16 04:03 . 2011-04-16 04:03   --------   d-----w-   c:\documents and settings\Admin\Application Data\Malwarebytes
                            2011-04-16 03:22 . 2011-04-16 03:22   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                            2011-04-16 03:22 . 2010-12-21 01:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                            2011-04-16 03:22 . 2011-04-16 03:22   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                            2011-04-16 03:22 . 2010-12-21 01:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                            2011-04-15 22:35 . 2011-04-15 22:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                            2011-04-15 22:35 . 2011-04-15 22:35   --------   d-----w-   c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
                            2011-04-15 22:35 . 2011-04-15 22:35   --------   d-----w-   c:\program files\SUPERAntiSpyware
                            2011-04-13 05:33 . 2011-04-13 05:33   --------   d-----w-   c:\documents and settings\Matthew\Local Settings\Application Data\Mozilla
                            2011-04-13 03:06 . 2011-04-13 03:06   --------   d-----w-   c:\documents and settings\Kary\Application Data\Wacom
                            2011-04-13 03:06 . 2011-04-13 03:06   --------   d-----w-   c:\documents and settings\Kary\Application Data\WTablet
                            2011-04-12 23:00 . 2011-04-12 23:00   --------   d-----w-   c:\program files\GameSpy Arcade
                            2011-04-12 22:57 . 2011-04-12 22:57   --------   d-----w-   c:\program files\Irrational Games
                            2011-04-08 06:11 . 2010-12-02 09:12   837224   ----a-w-   c:\windows\system32\nvgenco32hda.dll
                            2011-04-06 10:43 . 2011-01-08 03:27   941160   ----a-w-   c:\windows\system32\nvdispco322090.dll
                            2011-04-06 10:43 . 2011-01-08 03:27   837736   ----a-w-   c:\windows\system32\nvgenco322040.dll
                            2011-04-06 09:43 . 2011-04-06 09:43   --------   d-----w-   c:\program files\Common Files\Creative
                            2011-04-06 09:42 . 2011-04-06 09:44   --------   d--h--w-   c:\program files\Creative Installation Information
                            2011-04-06 09:27 . 2011-04-06 09:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Creative
                            2011-04-06 09:24 . 2003-06-13 06:25   7062   ----a-w-   c:\windows\system32\audiopid.vxd
                            2011-04-06 09:24 . 2011-04-06 09:24   --------   d-----w-   c:\program files\Common Files\Creative Labs Shared
                            2011-04-06 09:23 . 2011-04-06 09:23   445016   ----a-w-   c:\windows\system32\wrap_oal.dll
                            2011-04-06 09:23 . 2004-07-13 01:53   585728   ----a-w-   c:\windows\system32\ctaudfx.dll
                            2011-04-06 09:23 . 2003-11-13 10:04   606208   ----a-w-   c:\windows\system32\ctsblfx.dll
                            2011-04-06 09:23 . 2003-11-13 10:02   114688   ----a-w-   c:\windows\system32\commonfx.dll
                            2011-04-06 09:14 . 2003-11-11 01:14   729088   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
                            2011-04-06 09:14 . 2003-11-11 01:13   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
                            2011-04-06 09:14 . 2003-11-11 01:12   266240   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
                            2011-04-06 09:14 . 2003-11-11 01:12   192512   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
                            2011-04-06 09:14 . 2003-11-11 01:11   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
                            2011-04-06 09:14 . 2011-04-06 09:14   188548   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
                            2011-04-06 09:14 . 2011-04-06 09:14   311428   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
                            2011-04-06 09:12 . 2011-04-06 09:12   --------   d-----w-   c:\documents and settings\Matthew\Application Data\InstallShield Installation Information
                            2011-04-02 09:23 . 2011-04-02 09:23   --------   d-----w-   c:\documents and settings\Admin\Application Data\SystemRequirementsLab
                            2011-04-02 09:16 . 2011-04-02 09:16   --------   d-----w-   c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
                            2011-04-02 01:54 . 2011-04-02 01:54   --------   d-----w-   c:\documents and settings\Admin\Application Data\NVIDIA
                            2011-04-02 01:31 . 2010-11-11 23:10   26216   ----a-w-   c:\windows\system32\nvhdap32.dll
                            2011-04-02 01:31 . 2010-11-11 23:10   100456   ----a-w-   c:\windows\system32\drivers\nvhda32.sys
                            2011-04-02 01:31 . 2010-06-21 22:07   232040   ----a-w-   c:\windows\system32\nvcohda.dll
                            2011-04-02 01:29 . 2011-04-08 06:11   252080   ----a-w-   c:\windows\system32\nvdrsdb0.bin
                            2011-04-02 01:29 . 2011-04-08 06:11   1   ----a-w-   c:\windows\system32\nvdrssel.bin
                            2011-04-02 01:29 . 2011-04-08 06:11   252080   ----a-w-   c:\windows\system32\nvdrsdb1.bin
                            2011-03-28 23:13 . 2011-03-28 23:17   --------   d-----w-   c:\program files\SIW
                            .
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2011-04-06 09:23 . 2009-05-21 01:18   109144   ----a-w-   c:\windows\system32\OpenAL32.dll
                            2011-03-07 05:33 . 2009-05-20 21:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                            2011-03-04 06:45 . 2004-08-04 12:00   434176   ----a-w-   c:\windows\system32\vbscript.dll
                            2011-03-03 13:21 . 2004-08-04 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                            2011-02-17 19:00 . 2004-08-04 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
                            2011-02-17 19:00 . 2004-08-04 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                            2011-02-17 19:00 . 2004-08-04 12:00   1830912   ------w-   c:\windows\system32\inetcpl.cpl
                            2011-02-17 19:00 . 2004-08-04 12:00   17408   ------w-   c:\windows\system32\corpol.dll
                            2011-02-17 13:18 . 2004-08-04 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                            2011-02-17 13:18 . 2004-08-04 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                            2011-02-17 12:32 . 2009-05-22 22:18   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                            2011-02-17 11:44 . 2004-08-04 12:00   389120   ----a-w-   c:\windows\system32\html.iec
                            2011-02-15 12:56 . 2004-08-04 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
                            2011-02-09 13:53 . 2004-08-04 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
                            2011-02-09 13:53 . 2004-08-04 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
                            2011-02-08 13:33 . 2004-08-04 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
                            2011-02-08 13:33 . 2004-08-04 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
                            2011-02-03 02:19 . 2009-07-29 08:51   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                            2011-02-02 07:58 . 2009-05-20 21:34   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                            2011-01-27 11:57 . 2009-05-20 21:34   677888   ----a-w-   c:\windows\system32\mstsc.exe
                            2011-01-21 14:44 . 2004-08-04 12:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
                            2011-03-18 17:53 . 2011-04-02 09:16   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                            .
                            .
                            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            *Note* empty entries & legit default entries are not shown
                            REGEDIT4
                            .
                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
                            "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
                            "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
                            "EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
                            "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
                            "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
                            "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
                            "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
                            "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
                            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
                            "BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-02-10 629336]
                            "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
                            "CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
                            "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
                            "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
                            "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
                            "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
                            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
                            "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
                            .
                            c:\documents and settings\Admin\Start Menu\Programs\Startup\
                            Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
                            .
                            c:\documents and settings\All Users\Start Menu\Programs\Startup\
                            Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
                            Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
                            .
                            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                            @="Service"
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                            "%windir%\\system32\\sessmgr.exe"=
                            "d:\\World of Warcraft\\Launcher.exe"=
                            "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                            "d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
                            "d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
                            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                            "d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
                            "d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
                            "d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe"=
                            "c:\\Program Files\\iTunes\\iTunes.exe"=
                            "c:\\WINDOWS\\system32\\dpvsetup.exe"=
                            "c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=
                            "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
                            "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                            "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
                            .
                            R1 MpKsl6736b89d;MpKsl6736b89d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F145977-E696-4293-96C0-6811DFE2C4F7}\MpKsl6736b89d.sys [4/18/2011 11:25 PM 28752]
                            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
                            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
                            R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [3/8/2011 2:54 AM 401920]
                            R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/14/2011 5:28 AM 21992]
                            R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2/10/2011 4:04 PM 4869488]
                            R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2/10/2011 4:05 PM 416112]
                            R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/1/2011 6:31 PM 100456]
                            R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2/10/2011 4:04 PM 16240]
                            S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
                            S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
                            S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
                            S3 cpuz134;cpuz134;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
                            S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/6/2011 2:24 AM 79360]
                            S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
                            S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
                            S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
                            S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
                            S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
                            S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
                            S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
                            .
                            --- Other Services/Drivers In Memory ---
                            .
                            *NewlyCreated* - MPFILTER
                            *NewlyCreated* - MPKSL6736B89D
                            *NewlyCreated* - MSMPSVC
                            .
                            Contents of the 'Scheduled Tasks' folder
                            .
                            2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                            - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
                            .
                            2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                            - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
                            .
                            2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004Core.job
                            - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
                            .
                            2011-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004UA.job
                            - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
                            .
                            2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005Core.job
                            - c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
                            .
                            2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005UA.job
                            - c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
                            .
                            2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006Core.job
                            - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
                            .
                            2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006UA.job
                            - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
                            .
                            2011-04-19 c:\windows\Tasks\MP Scheduled Scan.job
                            - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
                            .
                            2011-04-19 c:\windows\Tasks\MpIdleTask.job
                            - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
                            .
                            .
                            ------- Supplementary Scan -------
                            .
                            uInternet Settings,ProxyOverride = <local>
                            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                            Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
                            DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
                            FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ee30ac2q.default\
                            .
                            - - - - ORPHANS REMOVED - - - -
                            .
                            WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
                            HKCU-Run-Bamboo Dock - c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
                            HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
                            HKLM-Run-CTXFIREG - CTxfiReg.exe
                            .
                            .
                            .
                            **************************************************************************
                            .
                            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2011-04-19 00:00
                            Windows 5.1.2600 Service Pack 3 NTFS
                            .
                            scanning hidden processes ... 
                            .
                            scanning hidden autostart entries ...
                            .
                            HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                              CTHelper = CTHELPER.EXE?
                            .
                            scanning hidden files ... 
                            .
                            scan completed successfully
                            hidden files: 0
                            .
                            **************************************************************************
                            .
                            --------------------- LOCKED REGISTRY KEYS ---------------------
                            .
                            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
                            @DACL=(02 0000)
                            "Installed"="1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
                            @DACL=(02 0000)
                            "Installed"="1"
                            "NoChange"="1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
                            @DACL=(02 0000)
                            "Installed"="1"
                            .
                            --------------------- DLLs Loaded Under Running Processes ---------------------
                            .
                            - - - - - - - > 'winlogon.exe'(592)
                            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                            c:\windows\system32\WININET.dll
                            .
                            Completion time: 2011-04-19  00:01:58
                            ComboFix-quarantined-files.txt  2011-04-19 07:01
                            .
                            Pre-Run: 173,723,787,264 bytes free
                            Post-Run: 180,481,212,416 bytes free
                            .
                            WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                            [boot loader]
                            timeout=2
                            default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                            [operating systems]
                            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                            UnsupportedDebug="do not select this" /debug
                            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
                            .
                            - - End Of File - - C63B4E7EF2A803AFE4D98748EB18C596
                             

                            SuperDave

                            Re: Scan Results
                            « Reply #17 on: April 19, 2011, 01:21:56 PM »
                            There are still traces of AVG on your computer. Please run this tool to get rid of them.
                            AVG Antivirus Remover utility

                            SysProt Antirootkit

                            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                            http://sites.google.com/site/sysprotantirootkit/

                            Unzip it into a folder on your desktop.
                            • Double click Sysprot.exe to start the program.
                            • Click on the Log tab.
                            • In the Write to log box select the following items.
                              • Process << Selected
                              • Kernel Modules << Selected
                              • SSDT << Selected
                              • Kernel Hooks << Selected
                              • IRP Hooks << NOT Selected
                              • Ports << NOT Selected
                              • Hidden Files << Selected
                            • At the bottom of the page
                              • Hidden Objects Only << Selected
                            • Click on the Create Log button on the bottom right.
                            • After a few seconds a new window should appear.
                            • Select Scan Root Drive. Click on the Start button.
                            • When it is complete a new window will appear to indicate that the scan is finished.
                            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                            Windows 8 and Windows 10 dual boot with two SSD's

                            vandish



                              Re: Scan Results
                              « Reply #18 on: April 19, 2011, 01:27:31 PM »
                              Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. First Warning!
                              « Last Edit: April 19, 2011, 01:32:07 PM by SuperDave »

                              darthgaul

                                Re: Scan Results
                                « Reply #19 on: April 19, 2011, 02:44:12 PM »
                                Done. :) Here are the log results:

                                SysProt AntiRootkit v1.0.1.0
                                by swatkat

                                ******************************************************************************************
                                ******************************************************************************************

                                No Hidden Processes found

                                ******************************************************************************************
                                ******************************************************************************************
                                Kernel Modules:
                                Module Name: \SystemRoot\System32\Drivers\dump_iastor.sys
                                Service Name: ---
                                Module Base: A8303000
                                Module End: A83D8000
                                Hidden: Yes

                                ******************************************************************************************
                                ******************************************************************************************
                                No SSDT Hooks found

                                ******************************************************************************************
                                ******************************************************************************************
                                No Kernel Hooks found

                                ******************************************************************************************
                                ******************************************************************************************
                                Hidden files/folders:
                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\amd64\filterpipelineprintproc.dll
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\amd64\msxpsdrv.cat
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\amd64\msxpsdrv.inf
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\amd64\msxpsinc.gpd
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\amd64\msxpsinc.ppd
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\amd64\mxdwdrv.dll
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\amd64\xpssvcs.dll
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\i386\filterpipelineprintproc.dll
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\i386\msxpsdrv.cat
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\i386\msxpsdrv.inf
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\i386\msxpsinc.gpd
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\i386\msxpsinc.ppd
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\i386\mxdwdrv.dll
                                Status: Access denied

                                Object: C:\7ffce0c191e3d3b84c6f6e83dfd62392\i386\xpssvcs.dll
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\AppData.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Cache.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\History.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Music.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Personal.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Programs.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Recent.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\SetPath.bat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\SysPath.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\Templates.folder.dat
                                Status: Access denied

                                Object: C:\Qoobox\BackEnv\VikPev00
                                Status: Access denied

                                SuperDave

                                Re: Scan Results
                                « Reply #20 on: April 19, 2011, 04:54:27 PM »
                                I'd like to scan your machine with ESET OnlineScan

                                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                                ESET OnlineScan
                                • Click the button.
                                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                                  • Double click on the icon on your desktop.
                                • Check
                                • Click the button.
                                • Accept any security warnings from your browser.
                                • Check
                                • Push the Start button.
                                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                                • When the scan completes, push
                                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                                • Push the button.
                                • Push
                                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                                darthgaul

                                  Re: Scan Results
                                  « Reply #21 on: April 20, 2011, 03:49:56 AM »
                                  ESETScan results:
                                  C:\Documents and Settings\All Users\Documents\RegistryEasy_Setup.exe   a variant of Win32/Adware.RegistryEasy application   deleted - quarantined
                                  C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\40\59774da8-15854b67   a variant of Java/TrojanDownloader.OpenStream.NBE trojan   deleted - quarantined
                                  C:\Documents and Settings\Matthew\My Documents\Downloads\RegistryEasy_Setup.exe   a variant of Win32/Adware.RegistryEasy application   deleted - quarantined
                                  C:\Matt and Kary Stuff\stuff from desktop\Install_AIM.exe   Win32/Adware.WBug.A application   deleted - quarantined
                                  C:\Program Files\Registry Easy\Recoveryer.dll   Win32/Adware.RegistryEasy application   cleaned by deleting - quarantined
                                  C:\Program Files\Registry Easy\RegEasyCleaner.exe   a variant of Win32/Adware.RegistryEasy application   cleaned by deleting - quarantined
                                  C:\Program Files\Registry Easy\RegEasyCleanerUpdate.exe   Win32/Adware.RegistryEasy application   cleaned by deleting - quarantined
                                  C:\System Volume Information\_restore{286756EB-FC84-45EF-9037-7FDF3017B2A8}\RP650\A0077336.exe   Win32/Toolbar.Zugo application   deleted - quarantined
                                  C:\System Volume Information\_restore{286756EB-FC84-45EF-9037-7FDF3017B2A8}\RP650\A0077571.exe   Win32/Adware.WBug.A application   deleted - quarantined
                                  C:\System Volume Information\_restore{286756EB-FC84-45EF-9037-7FDF3017B2A8}\RP650\A0077572.dll   Win32/Adware.RegistryEasy application   cleaned by deleting - quarantined
                                  C:\System Volume Information\_restore{286756EB-FC84-45EF-9037-7FDF3017B2A8}\RP650\A0077573.exe   a variant of Win32/Adware.RegistryEasy application   cleaned by deleting - quarantined
                                  C:\System Volume Information\_restore{286756EB-FC84-45EF-9037-7FDF3017B2A8}\RP650\A0077574.exe   Win32/Adware.RegistryEasy application   cleaned by deleting - quarantined

                                  darthgaul

                                    Re: Scan Results
                                    « Reply #22 on: April 20, 2011, 04:05:29 AM »
                                    During the above scan my Microsoft Security Essentials antivirus found threats that it said should be removed. I clicked yes without thinking, I hope I didn't mess anything up. Here are the files it removed:

                                    file:C:\Documents and Settings\Matthew\My Documents\Downloads\VeohWebPlayerSetup_eng.exe

                                    containerfile:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\52\3a842eb4-3953dd83
                                    file:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\52\3a842eb4-3953dd83->dogs/mian.class

                                    containerfile:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\31\73769d5f-3bd4842a
                                    file:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\31\73769d5f-3bd4842a->g6k1.class

                                    containerfile:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\29\330b03dd-7c11d264
                                    file:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\29\330b03dd-7c11d264->main.class

                                    containerfile:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\29\199bb91d-7804f9d1
                                    file:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\29\199bb91d-7804f9d1->DrSPoCCY8TxX5.class

                                    containerfile:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\1\4303e9c1-5e59b17b
                                    containerfile:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\51\2c063e33-6c89b9f7
                                    file:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\1\4303e9c1-5e59b17b->y6u7.class
                                    file:C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\51\2c063e33-6c89b9f7->y6u7.class

                                    containerfile:C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\44\696d2fac-2c014b1d
                                    file:C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\44\696d2fac-2c014b1d->C.class

                                    containerfile:C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\44\690b50ac-7e24db75
                                    file:C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\44\690b50ac-7e24db75->lorry/Cloners.class

                                    SuperDave

                                    Re: Scan Results
                                    « Reply #23 on: April 20, 2011, 04:16:46 PM »
                                    As you can see from the ESET scan, most of the infections were from Registry Easy. I hope you have uninstalled it.
                                    How is your computer working now?

                                    darthgaul

                                      Re: Scan Results
                                      « Reply #24 on: April 20, 2011, 06:28:59 PM »
                                      I removed it now. Any other programs I should remove, or is that it?

                                      My computer seems to be running fine. Thank you so much for taking the time to help. :)

                                      SuperDave

                                      Re: Scan Results
                                      « Reply #25 on: April 21, 2011, 12:52:33 PM »
                                      Great! Let's do some cleanup

                                      To uninstall ComboFix

                                      • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                      • In the field, type in ComboFix /uninstall


                                      (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                      • Then, press Enter, or click OK.
                                      • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                      ***************************************************
                                      Clean out your temporary internet files and temp files.

                                      Download TFC by OldTimer to your desktop.

                                      Double-click TFC.exe to run it.

                                      Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                      TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                      * Click the Start button to begin the cleaning process.
                                      * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                      * Please let TFC run uninterrupted until it is finished.

                                      Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                      ***************************************************
                                      To remove all of the tools we used and the files and folders they created do the following:
                                      Double click OTL.exe.
                                      • Click the CleanUp button.
                                      • Select Yes when the "Begin cleanup Process?" prompt appears.
                                      • If you are prompted to Reboot during the cleanup, select Yes.
                                      • The tool will delete itself once it finishes.
                                      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                                      *******************************************************
                                      Looking over your log it seems you don't have any evidence of a third party firewall.

                                      Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                                      Remember only install ONE firewall

                                      1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                                      2) Online Armor
                                      3) Agnitum Outpost
                                      4) PC Tools Firewall Plus

                                      If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                                      ******************************************************
                                      Use the Secunia Software Inspector to check for out of date software.

                                      • Click Start Now
                                      • Check the box next to Enable thorough system inspection.
                                      • Click Start
                                      • Allow the scan to finish and scroll down to see if any updates are needed.
                                      • Update anything listed.
                                      ----------

                                      Go to Microsoft Windows Update and get all critical updates.

                                      ----------

                                      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                      SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                      * Using SpywareBlaster to protect your computer from Spyware and Malware
                                      * If you don't know what ActiveX controls are, see here

                                      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                      Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                      Safe Surfing!

                                      darthgaul

                                        Re: Scan Results
                                        « Reply #26 on: April 21, 2011, 01:10:44 PM »
                                        It says "Windows cannot find Combofix/Uninstall" I double and triple checked that it was spelled correctly... ???

                                        SuperDave

                                        Re: Scan Results
                                        « Reply #27 on: April 21, 2011, 07:50:53 PM »
                                        Download OTL to your desktop.

                                        To remove all of the tools we used and the files and folders they created do the following:
                                        Double click OTL.exe.
                                        • Click the CleanUp button.
                                        • Select Yes when the "Begin cleanup Process?" prompt appears.
                                        • If you are prompted to Reboot during the cleanup, select Yes.
                                        • The tool will delete itself once it finishes.
                                        Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                                        ************************************************
                                        To turn off Windows XP System Restore:

                                        NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

                                        1. Click Start.
                                        2. Right-click the My Computer icon, and then click Properties.
                                        3. Click the System Restore tab.
                                        4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
                                        5. Click Apply.
                                        6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                                        7. Click OK.
                                        8. Restart the computer and follow the instructions in the next section to turn on System Restore.

                                        To turn on Windows XP System Restore:

                                        1. Click Start.
                                        2. Right-click My Computer, and then click Properties.
                                        3. Click the System Restore tab.
                                        4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
                                        5. Click Apply, and then click OK.

                                        darthgaul

                                          Topic Starter


                                          Rookie

                                          • Experience: Beginner
                                          • OS: Unknown
                                          Re: Scan Results
                                          « Reply #28 on: April 22, 2011, 02:37:27 AM »
                                          First of all thanks again for all your help with this.

                                          OTL got rid of Combo fix. Yay!

                                          I was working my way through the other steps in the above posts and was on the "Use the Secunia Software Inspector / update anything listed" part. One of the things it listed was Acrobat Reader. Apparently I had two older versions, 6.0 and 7.0. I used Add/Remove software to take them off, but when I was installing the latest version I got a message saying:

                                          Error 1402.could not open key:
                                          HKEY_local_Machine\software\microsoft\windows\currentversion\Run\optionalcomponents\MSFS.
                                          Verify that you have sufficient access to that key of contact support personel


                                          What should I do?

                                          SuperDave

                                          • Malware Removal Specialist


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: Scan Results
                                          « Reply #29 on: April 22, 2011, 10:33:23 AM »
                                          Please try running as Administrator.

                                          darthgaul

                                            Topic Starter


                                            Rookie

                                            • Experience: Beginner
                                            • OS: Unknown
                                            Re: Scan Results
                                            « Reply #30 on: April 22, 2011, 01:45:30 PM »
                                            Sorry I didn't clarify. I am running as administrator.

                                            SuperDave

                                            • Malware Removal Specialist


                                            • Genius
                                            • Thanked: 1020
                                            • Certifications: List
                                            • Experience: Expert
                                            • OS: Windows 10
                                            Re: Scan Results
                                            « Reply #31 on: April 22, 2011, 06:07:13 PM »
                                            Ok. You will have to skip over Secunia but please make sure that Windows and Java are up-to-date.

                                            darthgaul

                                              Topic Starter


                                              Rookie

                                              • Experience: Beginner
                                              • OS: Unknown
                                              Re: Scan Results
                                              « Reply #32 on: April 22, 2011, 06:49:50 PM »
                                              I was able to update all the other programs that came up from Secunia; something is just messed up with Acrobat Reader.  ???

                                              Windows and Java are up to date.  :)

                                              I was able to remove all the other programs we used also.

                                              One thing I'm noticing is it takes a lot longer for my computer to log in to an account (admin or matthew) since I have loaded a 3rd party firewall (Online Armor). My computer makes a strange buzzing/scraping sound (sounds like the hard drive) when the firewall is turned on/off. Is that normal? Should I remove it and load another?

                                              SuperDave

                                              • Malware Removal Specialist


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: Scan Results
                                              « Reply #33 on: April 23, 2011, 01:20:03 PM »
                                              Quote
                                              My computer makes a strange buzzing/ scraping sound (sounds like the hard drive) when the firewall is turned on/ off. Is that normal? Should I remove it and load another?
                                              It sounds like something is amiss in the hard drive or one of the fans. It could be just a coincidence that it started at the same time you installed a third-party firewall. Try uninstalling the firewall altogether and see what happens.

                                              darthgaul

                                                Topic Starter


                                                Rookie

                                                • Experience: Beginner
                                                • OS: Unknown
                                                Re: Scan Results
                                                « Reply #34 on: April 23, 2011, 01:32:48 PM »
                                                Will do.

                                                Also, another question: do you know how to unlock a registry key so I can install the latest Acrobat Reader? I keep getting the error:
                                                Error 1402.could not open key:
                                                HKEY_local_Machine\software\microsoft\windows\currentversion\Run\optionalcomponents\MSFS.
                                                Verify that you have sufficient access to that key of contact support personel
                                                when I try to install the latest version of Acrobat Reader.

                                                I tried going through the steps at http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 but hit a wall around step 11 because I don't have an "other users or groups..." button.

                                                I really need to have Acrobat Reader on my computer.

                                                SuperDave

                                                • Malware Removal Specialist


                                                • Genius
                                                • Thanked: 1020
                                                • Certifications: List
                                                • Experience: Expert
                                                • OS: Windows 10
                                                Re: Scan Results
                                                « Reply #35 on: April 24, 2011, 12:58:01 PM »
                                                Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                                                link # 1
                                                Link # 2
                                                If you are using Firefox, make sure that your download settings are as follows:

                                                * Tools->Options->Main tab
                                                * Set to "Always ask me where to Save the files".

                                                Re-running ComboFix to remove infections:

                                                • Close any open browsers.
                                                • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                                                • Open notepad and copy/paste the text in the quotebox below into it:
                                                  Quote
                                                  KillAll::

                                                  RegLock::
                                                  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
                                                  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
                                                  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

                                                • Save this as CFScript.txt, in the same location as ComboFix.exe



                                                • Referring to the picture above, drag CFScript into ComboFix.exe
                                                • When finished, it shall produce a log for you at C:\ComboFix.txt
                                                • Post the ComboFix log in your next reply.
                                                Please try to install Acrobat Reader  now.
                                                Windows 8 and Windows 10 dual boot with two SSD's
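
Added example (not part of the original post and not ComboFix's own code): a read-only PowerShell check that reports whether each key listed under RegLock:: in the CFScript above can be opened for reading and for writing, which is the access Error 1402 says the installer was refused. It assumes an administrator session with PowerShell 2.0 or later on the affected 32-bit machine; the helper name Test-RegKeyAccess is hypothetical.

```powershell
# Added example: read-only diagnostic, written to stay PowerShell 2.0 compatible.
# The three subkeys are the ones listed under RegLock:: in the CFScript above.
$subKeys = @(
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS'
)

function Test-RegKeyAccess {    # hypothetical helper name
    param([string]$SubKey)

    $hklm   = [Microsoft.Win32.Registry]::LocalMachine
    $report = New-Object PSObject -Property @{
        Key = "HKLM\$SubKey"; State = 'Unknown'; Owner = ''; DenyRules = ''; Detail = ''
    }

    # 1. Read-only open. $null means the key does not exist; an exception
    #    means the key's permissions refuse even read access.
    try {
        $key = $hklm.OpenSubKey($SubKey, $false)
    } catch {
        $report.State  = 'Locked (read denied)'
        $report.Detail = $_.Exception.Message
        return $report
    }
    if ($null -eq $key) {
        $report.State = 'Missing'
        return $report
    }

    # 2. The key is readable, so look at its owner and any explicit or
    #    inherited Deny entries in its access control list.
    try {
        $acl = $key.GetAccessControl()
        try   { $report.Owner = $acl.GetOwner([System.Security.Principal.NTAccount]).Value }
        catch { $report.Owner = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value }
        $deny = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
                Where-Object   { $_.AccessControlType -eq 'Deny' } |
                ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.RegistryRights }
        $report.DenyRules = ($deny -join '; ')
    } catch {
        $report.DenyRules = 'ACL not readable'
    } finally {
        $key.Close()
    }

    # 3. Writable open, which is what an installer needs. Nothing is written;
    #    the handle is closed immediately.
    try {
        $rw = $hklm.OpenSubKey($SubKey, $true)
        $rw.Close()
        $report.State = 'OK (read/write)'
    } catch {
        $report.State  = 'Locked (write denied)'
        $report.Detail = $_.Exception.Message
    }
    return $report
}

$subKeys | ForEach-Object { Test-RegKeyAccess $_ } |
    Select-Object Key, State, Owner, DenyRules, Detail | Format-List
```

Running it before and after the ComboFix step shows whether the state of the three keys changed.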

                                                darthgaul

                                                  Topic Starter


                                                  Rookie

                                                  • Experience: Beginner
                                                  • OS: Unknown
                                                  Re: Scan Results
                                                  « Reply #36 on: April 25, 2011, 09:59:09 PM »
                                                  That worked! You are fricking amazing. Thank you very much. Here is the log:

                                                  ComboFix 11-04-25.02 - Admin 04/25/2011  20:43:34.2.2 - x86
                                                  Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2476 [GMT -7:00]
                                                  Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
                                                  Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
                                                  AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                                                  FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
                                                  .
                                                  .
                                                  (((((((((((((((((((((((((   Files Created from 2011-03-26 to 2011-04-26  )))))))))))))))))))))))))))))))
                                                  .
                                                  .
                                                  2011-04-25 18:58 . 2011-04-25 18:58   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\MpKsl6656390c.sys
                                                  2011-04-25 18:58 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\mpengine.dll
                                                  2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
                                                  2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
                                                  2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
                                                  2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
                                                  2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
                                                  2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
                                                  2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
                                                  2011-04-22 20:35 . 2011-04-22 20:36   --------   d-----w-   c:\program files\QuickTime
                                                  2011-04-22 08:09 . 2011-04-22 08:09   --------   d-----w-   c:\documents and settings\Matthew\Application Data\OnlineArmor
                                                  2011-04-22 06:51 . 2011-04-22 07:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                                                  2011-04-22 06:51 . 2011-04-22 06:51   --------   d-----w-   c:\documents and settings\Admin\Application Data\OnlineArmor
                                                  2011-04-22 06:50 . 2011-04-06 20:02   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                                                  2011-04-22 06:50 . 2011-04-06 20:01   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                                                  2011-04-22 06:50 . 2011-04-06 20:01   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                                                  2011-04-22 06:50 . 2011-04-06 20:01   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                                                  2011-04-22 06:49 . 2011-04-22 07:26   --------   d-----w-   c:\program files\Online Armor
                                                  2011-04-21 01:20 . 2011-04-21 01:20   --------   d-----w-   c:\documents and settings\Admin\Application Data\Hi-Rez Studios
                                                  2011-04-21 01:18 . 2011-04-21 01:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hi-Rez Studios
                                                  2011-04-21 01:18 . 2011-04-21 18:46   --------   d-----w-   c:\program files\Hi-Rez Studios
                                                  2011-04-20 19:18 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                                                  2011-04-20 06:55 . 2011-04-20 06:55   --------   d-----w-   c:\program files\ESET
                                                  2011-04-19 06:25 . 2010-10-19 20:51   222080   ------w-   c:\windows\system32\MpSigStub.exe
                                                  2011-04-19 06:22 . 2011-04-19 06:23   --------   d-----w-   c:\program files\Microsoft Security Client
                                                  2011-04-17 20:03 . 2011-04-17 20:03   --------   d-----w-   c:\program files\Ventrilo
                                                  2011-04-17 20:02 . 2011-04-21 05:17   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                                                  2011-04-16 04:33 . 2011-04-16 04:33   --------   d-----w-   c:\program files\Common Files\Java
                                                  2011-04-16 04:32 . 2011-02-03 04:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                                                  2011-04-16 04:03 . 2011-04-16 04:03   --------   d-----w-   c:\documents and settings\Admin\Application Data\Malwarebytes
                                                  2011-04-16 03:22 . 2011-04-16 03:22   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                                                  2011-04-15 22:35 . 2011-04-15 22:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                                                  2011-04-13 05:33 . 2011-04-13 05:33   --------   d-----w-   c:\documents and settings\Matthew\Local Settings\Application Data\Mozilla
                                                  2011-04-13 03:06 . 2011-04-13 03:06   --------   d-----w-   c:\documents and settings\Kary\Application Data\Wacom
                                                  2011-04-13 03:06 . 2011-04-13 03:06   --------   d-----w-   c:\documents and settings\Kary\Application Data\WTablet
                                                  2011-04-12 23:00 . 2011-04-12 23:00   --------   d-----w-   c:\program files\GameSpy Arcade
                                                  2011-04-12 22:57 . 2011-04-12 22:57   --------   d-----w-   c:\program files\Irrational Games
                                                  2011-04-08 06:11 . 2010-12-02 09:12   837224   ----a-w-   c:\windows\system32\nvgenco32hda.dll
                                                  2011-04-06 10:43 . 2011-01-08 03:27   941160   ----a-w-   c:\windows\system32\nvdispco322090.dll
                                                  2011-04-06 10:43 . 2011-01-08 03:27   837736   ----a-w-   c:\windows\system32\nvgenco322040.dll
                                                  2011-04-06 09:43 . 2011-04-06 09:43   --------   d-----w-   c:\program files\Common Files\Creative
                                                  2011-04-06 09:42 . 2011-04-06 09:44   --------   d--h--w-   c:\program files\Creative Installation Information
                                                  2011-04-06 09:27 . 2011-04-06 09:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Creative
                                                  2011-04-06 09:24 . 2003-06-13 06:25   7062   ----a-w-   c:\windows\system32\audiopid.vxd
                                                  2011-04-06 09:24 . 2011-04-06 09:24   --------   d-----w-   c:\program files\Common Files\Creative Labs Shared
                                                  2011-04-06 09:23 . 2011-04-06 09:23   445016   ----a-w-   c:\windows\system32\wrap_oal.dll
                                                  2011-04-06 09:23 . 2004-07-13 01:53   585728   ----a-w-   c:\windows\system32\ctaudfx.dll
                                                  2011-04-06 09:23 . 2003-11-13 10:04   606208   ----a-w-   c:\windows\system32\ctsblfx.dll
                                                  2011-04-06 09:23 . 2003-11-13 10:02   114688   ----a-w-   c:\windows\system32\commonfx.dll
                                                  2011-04-06 09:14 . 2003-11-11 01:14   729088   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
                                                  2011-04-06 09:14 . 2003-11-11 01:13   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
                                                  2011-04-06 09:14 . 2003-11-11 01:12   266240   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
                                                  2011-04-06 09:14 . 2003-11-11 01:12   192512   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
                                                  2011-04-06 09:14 . 2003-11-11 01:11   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
                                                  2011-04-06 09:14 . 2011-04-06 09:14   188548   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
                                                  2011-04-06 09:14 . 2011-04-06 09:14   311428   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
                                                  2011-04-06 09:12 . 2011-04-06 09:12   --------   d-----w-   c:\documents and settings\Matthew\Application Data\InstallShield Installation Information
                                                  2011-04-02 09:23 . 2011-04-02 09:23   --------   d-----w-   c:\documents and settings\Admin\Application Data\SystemRequirementsLab
                                                  2011-04-02 09:16 . 2011-04-02 09:16   --------   d-----w-   c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
                                                  2011-04-02 01:54 . 2011-04-02 01:54   --------   d-----w-   c:\documents and settings\Admin\Application Data\NVIDIA
                                                  2011-04-02 01:31 . 2010-11-11 23:10   26216   ----a-w-   c:\windows\system32\nvhdap32.dll
                                                  2011-04-02 01:31 . 2010-11-11 23:10   100456   ----a-w-   c:\windows\system32\drivers\nvhda32.sys
                                                  2011-04-02 01:31 . 2010-06-21 22:07   232040   ----a-w-   c:\windows\system32\nvcohda.dll
                                                  2011-04-02 01:29 . 2011-04-08 06:11   252080   ----a-w-   c:\windows\system32\nvdrsdb0.bin
                                                  2011-04-02 01:29 . 2011-04-08 06:11   1   ----a-w-   c:\windows\system32\nvdrssel.bin
                                                  2011-04-02 01:29 . 2011-04-08 06:11   252080   ----a-w-   c:\windows\system32\nvdrsdb1.bin
                                                  2011-03-28 23:13 . 2011-03-28 23:17   --------   d-----w-   c:\program files\SIW
                                                  .
                                                  .
                                                  .
                                                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                  .
                                                  2011-04-06 09:23 . 2009-05-21 01:18   109144   ----a-w-   c:\windows\system32\OpenAL32.dll
                                                  2011-03-07 05:33 . 2009-05-20 21:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                                                  2011-03-04 06:45 . 2004-08-04 12:00   434176   ----a-w-   c:\windows\system32\vbscript.dll
                                                  2011-03-03 13:21 . 2004-08-04 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                                                  2011-02-17 19:00 . 2004-08-04 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
                                                  2011-02-17 19:00 . 2004-08-04 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                                                  2011-02-17 19:00 . 2004-08-04 12:00   1830912   ------w-   c:\windows\system32\inetcpl.cpl
                                                  2011-02-17 19:00 . 2004-08-04 12:00   17408   ------w-   c:\windows\system32\corpol.dll
                                                  2011-02-17 13:18 . 2004-08-04 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                                                  2011-02-17 13:18 . 2004-08-04 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                                                  2011-02-17 12:32 . 2009-05-22 22:18   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                                                  2011-02-17 11:44 . 2004-08-04 12:00   389120   ----a-w-   c:\windows\system32\html.iec
                                                  2011-02-15 12:56 . 2004-08-04 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
                                                  2011-02-09 13:53 . 2004-08-04 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
                                                  2011-02-09 13:53 . 2004-08-04 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
                                                  2011-02-08 13:33 . 2004-08-04 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
                                                  2011-02-08 13:33 . 2004-08-04 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
                                                  2011-02-03 02:19 . 2009-07-29 08:51   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                                                  2011-02-02 07:58 . 2009-05-20 21:34   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                                                  2011-01-27 11:57 . 2009-05-20 21:34   677888   ----a-w-   c:\windows\system32\mstsc.exe
                                                  2011-03-18 17:53 . 2011-04-02 09:16   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                                                  .
                                                  .
                                                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                                  .
                                                  .
                                                  *Note* empty entries & legit default entries are not shown
                                                  REGEDIT4
                                                  .
                                                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                  "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
                                                  .
                                                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                  "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
                                                  "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
                                                  "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
                                                  "EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
                                                  "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
                                                  "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
                                                  "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
                                                  "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
                                                  "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
                                                  "BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-02-10 629336]
                                                  "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
                                                  "CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
                                                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
                                                  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
                                                  "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
                                                  "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
                                                  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
                                                  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
                                                  "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
                                                  .
                                                  c:\documents and settings\Admin\Start Menu\Programs\Startup\
                                                  Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
                                                  .
                                                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                                  "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
                                                  .
                                                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                                                  @="Service"
                                                  .
                                                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                                  "EnableFirewall"= 0 (0x0)
                                                  .
                                                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                                  "%windir%\\system32\\sessmgr.exe"=
                                                  "d:\\World of Warcraft\\Launcher.exe"=
                                                  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                                  "d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
                                                  "d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
                                                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                                  "d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
                                                  "d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
                                                  "d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe"=
                                                  "c:\\Program Files\\iTunes\\iTunes.exe"=
                                                  "c:\\WINDOWS\\system32\\dpvsetup.exe"=
                                                  "c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=
                                                  "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
                                                  "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
                                                  "c:\\Program Files\\Hi-Rez Studios\\games\\global agenda live\\Binaries\\GlobalAgenda.exe"=
                                                  .
                                                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                                                  "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
                                                  .
                                                  R1 MpKsl6656390c;MpKsl6656390c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\MpKsl6656390c.sys [4/25/2011 11:58 AM 28752]
                                                  R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/21/2011 11:50 PM 205864]
                                                  R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/21/2011 11:50 PM 39048]
                                                  R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/21/2011 11:50 PM 25192]
                                                  R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/21/2011 11:50 PM 29464]
                                                  R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [3/8/2011 2:54 AM 401920]
                                                  R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/14/2011 5:28 AM 21992]
                                                  R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [4/13/2011 1:02 PM 23680]
                                                  R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/21/2011 11:49 PM 381512]
                                                  R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2/10/2011 4:04 PM 4869488]
                                                  R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2/10/2011 4:05 PM 416112]
                                                  R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/1/2011 6:31 PM 100456]
                                                  R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2/10/2011 4:04 PM 16240]
                                                  S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
                                                  S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
                                                  S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
                                                  S3 cpuz134;cpuz134;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
                                                  S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/6/2011 2:24 AM 79360]
                                                  S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
                                                  S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
                                                  S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
                                                  S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
                                                  S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
                                                  S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
                                                  S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
                                                  S3 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [4/21/2011 11:49 PM 4326472]
                                                  S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
                                                  .
                                                  Contents of the 'Scheduled Tasks' folder
                                                  .
                                                  2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                                                  - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
                                                  .
                                                  2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                                                  - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
                                                  .
                                                  2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004Core.job
                                                  - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
                                                  .
                                                  2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004UA.job
                                                  - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
                                                  .
                                                  2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005Core.job
                                                  - c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
                                                  .
                                                  2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005UA.job
                                                  - c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
                                                  .
                                                  2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006Core.job
                                                  - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
                                                  .
                                                  2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006UA.job
                                                  - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
                                                  .
                                                  2011-04-26 c:\windows\Tasks\MP Scheduled Scan.job
                                                  - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
                                                  .
                                                  .
                                                  ------- Supplementary Scan -------
                                                  .
                                                  uInternet Settings,ProxyOverride = <local>
                                                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                                  Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
                                                  FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ee30ac2q.default\
                                                  .
                                                  .
                                                  **************************************************************************
                                                  .
                                                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                                  Rootkit scan 2011-04-25 20:50
                                                  Windows 5.1.2600 Service Pack 3 NTFS
                                                  .
                                                  scanning hidden processes ... 
                                                  .
                                                  scanning hidden autostart entries ...
                                                  .
                                                  HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                                                    CTHelper = CTHELPER.EXE?
                                                  .
                                                  scanning hidden files ... 
                                                  .
                                                  scan completed successfully
                                                  hidden files: 0
                                                  .
                                                  **************************************************************************
                                                  .
                                                  --------------------- LOCKED REGISTRY KEYS ---------------------
                                                  .
                                                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                                                  @Denied: (A 2) (Everyone)
                                                  @="FlashBroker"
                                                  "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
                                                  .
                                                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                                                  "Enabled"=dword:00000001
                                                  .
                                                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                                                  @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
                                                  .
                                                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                                                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                                  .
                                                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                                                  @Denied: (A 2) (Everyone)
                                                  @="IFlashBroker4"
                                                  .
                                                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                                                  @="{00020424-0000-0000-C000-000000000046}"
                                                  .
                                                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                                                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                                  "Version"="1.0"
                                                  .
                                                  --------------------- DLLs Loaded Under Running Processes ---------------------
                                                  .
                                                  - - - - - - - > 'explorer.exe'(2156)
                                                  c:\windows\system32\WININET.dll
                                                  c:\windows\system32\ieframe.dll
                                                  c:\windows\system32\WPDShServiceObj.dll
                                                  c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
                                                  c:\windows\system32\PortableDeviceTypes.dll
                                                  c:\windows\system32\PortableDeviceApi.dll
                                                  .
                                                  ------------------------ Other Running Processes ------------------------
                                                  .
                                                  c:\windows\system32\nvsvc32.exe
                                                  c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
                                                  c:\program files\Creative\Shared Files\CTAudSvc.exe
                                                  c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                  c:\program files\Bonjour\mDNSResponder.exe
                                                  c:\windows\system32\CTsvcCDA.EXE
                                                  c:\program files\Java\jre6\bin\jqs.exe
                                                  c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                                                  c:\program files\Tablet\Pen\Pen_TouchUser.exe
                                                  c:\windows\system32\wscntfy.exe
                                                  c:\program files\Tablet\Pen\Pen_TabletUser.exe
                                                  c:\windows\system32\RUNDLL32.EXE
                                                  c:\program files\iPod\bin\iPodService.exe
                                                  .
                                                  **************************************************************************
                                                  .
                                                  Completion time: 2011-04-25  20:53:29 - machine was rebooted
                                                  ComboFix-quarantined-files.txt  2011-04-26 03:53
                                                  .
                                                  Pre-Run: 169,950,330,880 bytes free
                                                  Post-Run: 170,042,322,944 bytes free
                                                  .
                                                  - - End Of File - - 19BC45C840308F97D27905FDDB2E5623

                                                  SuperDave

                                                  Re: Scan Results
                                                  « Reply #37 on: April 26, 2011, 01:08:09 PM »
                                                  Were you able to install Acrobat Reader?
                                                  Windows 8 and Windows 10 dual boot with two SSD's

                                                  darthgaul

                                                    Re: Scan Results
                                                    « Reply #38 on: April 26, 2011, 01:51:49 PM »
                                                    Yes I was. Thank you.

                                                    SuperDave

                                                    Re: Scan Results
                                                    « Reply #39 on: April 26, 2011, 04:57:52 PM »
                                                    Good. Carry on with your cleanup as described in Reply # 25. Please let me know when you're done.

                                                    froggyboy604

                                                    • Guest
                                                    Re: Scan Results
                                                    « Reply #40 on: May 01, 2011, 09:06:04 PM »
                                                    Will do.

                                                    Also, another question: do you know how to unlock a registry key so I can install the latest Acrobat Reader? I keep getting the error:
                                                    Error 1402.could not open key:
                                                    HKEY_local_Machine\software\microsoft\windows\currentversion\Run\optionalcomponents\MSFS.
                                                    Verify that you have sufficient access to that key or contact support personnel
                                                    when I try to install the latest version of Acrobat Reader.

                                                    I tried going through the steps at http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 but hit a wall around step 11 because I don't have an "other users or groups..." button.

                                                    I'd really need to have Acrobat Reader on my computer.

                                                    The website for http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 moved to http://johnsonyip.com/how-to-unlock-windows-registry-permissions-tuturials.htm

                                                    You can try turning off UAC and switching to the classic theme to see if it works.

                                                    darthgaul

                                                      Re: Scan Results
                                                      « Reply #41 on: May 01, 2011, 09:58:36 PM »
                                                      Good. Carry on with your cleanup as described in Reply # 25. Please let me know when you're done.

                                                      All Done.

                                                      SuperDave

                                                      Re: Scan Results
                                                      « Reply #42 on: May 02, 2011, 01:11:01 PM »
                                                      Very well. I will lock this thread. If you need it re-opened, please send me a pm.