
Author Topic: Malware  (Read 9618 times)


mpalmerbio

  • Guest
Malware
« on: June 29, 2011, 11:00:19 PM »
Hello,
I had a redirect bug which I thought I had removed with hijackthis, but now I am pretty sure I have some kind of infection that malwarebytes can't find. I read the rules and I downloaded AVG, combofix to desktop and am now submitting my hijackthis log. Any help would be greatly appreciated! Thank you in advance.

Oh, I now have a weird program on my desktop with random numbers. It originally said defender.exe. I can't remove it because it has administrator status. :P

[recovering disk space - old attachment deleted by admin]

Allan

  • Moderator

  • Mastermind
  • Thanked: 1260
  • Experience: Guru
  • OS: Windows 10
Re: Malware
« Reply #1 on: June 30, 2011, 05:58:17 AM »
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Experience: Expert
  • OS: Windows 10
Re: Malware
« Reply #2 on: June 30, 2011, 05:25:16 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
**********************************************************

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: de98df4f - {02793B83-A34E-8E24-3C64-85C4CF445449} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: (no name) - {036F02A1-101E-495D-9677-D20ADB4410E7} - C:\Windows\SysWow64\authfwcfg32.dll
O2 - BHO: de98df4f - {0A01444C-73A2-E521-A3F6-46ADE9917563} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {12E36CF5-513B-C74F-72EA-0C37713D5BAB} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {24538E4E-6642-19F1-3365-C478D775D9A3} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {29333E70-EAF8-AEA6-0EF5-E02F40830394} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {3CCF902B-AE2A-D46A-6A19-E85A14A6DCE9} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {6A3254F0-7D7E-737E-D947-CBCB548B1EB0} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {6FED2A99-F0F6-B244-9CEF-B16BA961D6CC} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {81B405F6-9F3B-0BEC-4F8C-E80D9EDA8BB5} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {8995D03E-96D9-B0C5-79B7-9EB49FA985F5} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {89CECCE4-C044-38F8-EEDE-880744D01484} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {8A85028D-883F-D864-D584-72E546A5F2FA} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {9D100874-1E36-7DFF-D1DF-426259E59D51} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {A5106F50-A92E-6424-3DD1-EA965B9E4F44} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {A8D8F5AC-1ABE-F29F-4B78-B65E2F8F6A99} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {A9716CD4-B019-31A9-3295-A8682EFE9668} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {ACF4A915-89A5-74E4-D0C5-35AAEE66A2B1} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {B616087B-CFA8-0216-266E-2E151D3BF380} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {BF16C232-E9C4-524D-A3C5-9240E1301E6F} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {C8C9016C-62F4-A0F3-ABC2-88093DEAB7C2} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {C9854B97-1E55-C02A-FEB7-E15263751E73} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {D74ABD5E-A006-0A4D-F96B-493E1EEF1AF3} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {DC708505-76C3-5152-5050-89A1C01FFCE8} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {E113BD96-8072-9B05-D7DE-8685137BFC7D} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {E95F8275-875B-9F6F-C5E4-C78B680B61CE} - C:\ProgramData\authfwcfg32.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
O20 - AppInit_DLLs: C:\ProgramData\authfwcfg32.dll


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*****************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
* Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  * Close browsers before scanning
  * Scan for tracking cookies
  * Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
**********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
******************************************************
Download DDS from HERE or HERE and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users: double-click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
Windows 8 and Windows 10 dual boot with two SSD's
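The HijackThis fix list in the reply above is not arbitrary: one DLL (authfwcfg32.dll) is registered as a Browser Helper Object under two dozen different CLSIDs, it sits in C:\ProgramData (writable by any user), its BHO "name" is eight random hex digits, a second copy has been dropped into SysWow64, and the same DLL is listed in AppInit_DLLs so that it gets loaded into every process that maps user32.dll. The script below is an added example (not HijackThis code and not part of the thread) that parses O2/O4/O20 lines and states those reasons explicitly, so the fix list becomes a reasoned decision. The line-format regexes and the user-writable-location heuristic are assumptions; the sample log is constructed from a subset of the entries quoted above plus one hypothetical benign BHO ("Example Vendor Helper") for contrast.

```python
"""Triage helper for HijackThis-style O2/O4/O20 lines (added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the O2/O4/O20 entries quoted in the reply
# above, plus one hypothetical benign BHO (Example Vendor Helper) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: de98df4f - {02793B83-A34E-8E24-3C64-85C4CF445449} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: (no name) - {036F02A1-101E-495D-9677-D20ADB4410E7} - C:\Windows\SysWow64\authfwcfg32.dll
O2 - BHO: de98df4f - {0A01444C-73A2-E521-A3F6-46ADE9917563} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: de98df4f - {12E36CF5-513B-C74F-72EA-0C37713D5BAB} - C:\ProgramData\authfwcfg32.dll
O2 - BHO: Example Vendor Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
O20 - AppInit_DLLs: C:\ProgramData\authfwcfg32.dll
"""

# HijackThis line layouts (O2 = Browser Helper Object, O4 = autorun value,
# O20 = AppInit_DLLs). These regexes are an assumption about the log format.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")

# Directories a standard user can write to. Code loading from here at boot or
# into the browser deserves a look; legitimate software does it too (AVG here).
USER_WRITABLE = re.compile(r"(?i)(^|\\)(ProgramData|Users\\[^\\]+\\AppData|Users\\Public|Temp)(\\|$)")
# Eight hex digits as a BHO "name" is a generated label, not a product name.
RANDOM_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)


def parse_hjt(text):
    """Parse O2/O4/O20 lines into dicts; every other line type is ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append({"kind": "O2", "name": m["name"], "clsid": m["clsid"].upper(), "path": m["path"]})
        elif m := O4_RE.match(line):
            entries.append({"kind": "O4", "hive": m["hive"], "value": m["value"], "cmd": m["cmd"]})
        elif m := O20_RE.match(line):
            # AppInit_DLLs is a space- or comma-separated list of DLL paths.
            entries.append({"kind": "O20", "dlls": [d for d in re.split(r"[,\s]+", m["dlls"]) if d]})
    return entries


def _note(reasons, artifact, why):
    """Record a reason once per artifact (several log lines share one DLL)."""
    if why not in reasons[artifact]:
        reasons[artifact].append(why)


def _exe_of(cmd):
    """Executable part of an O4 command line ("quoted path" args | path args)."""
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]


def triage(entries, clsid_threshold=3):
    """Return {artifact_path: [reasons]} for everything that merits review."""
    reasons = defaultdict(list)
    clsids_by_dll = defaultdict(set)   # basename -> CLSIDs it is registered under
    paths_by_dll = defaultdict(set)    # basename -> full paths it was seen at
    for e in entries:
        if e["kind"] == "O2":
            base = e["path"].rsplit("\\", 1)[-1].lower()
            clsids_by_dll[base].add(e["clsid"])
            paths_by_dll[base].add(e["path"])
            if USER_WRITABLE.search(e["path"]):
                _note(reasons, e["path"], "BHO DLL lives in a user-writable directory")
            if RANDOM_NAME.match(e["name"]):
                _note(reasons, e["path"], f"BHO name {e['name']!r} looks machine-generated")
        elif e["kind"] == "O4":
            exe = _exe_of(e["cmd"])
            if USER_WRITABLE.search(exe):
                _note(reasons, exe, f"autorun {e['hive']} [{e['value']}] starts from a user-writable directory")
        elif e["kind"] == "O20":
            for dll in e["dlls"]:
                _note(reasons, dll, "listed in AppInit_DLLs: loaded into every process that maps user32.dll")
    for base, clsids in clsids_by_dll.items():
        if len(clsids) >= clsid_threshold:
            for p in paths_by_dll[base]:
                _note(reasons, p, f"{base} is registered as a BHO under {len(clsids)} CLSIDs (a legitimate BHO uses one)")
        if len(paths_by_dll[base]) > 1:
            for p in paths_by_dll[base]:
                _note(reasons, p, f"{base} exists at {len(paths_by_dll[base])} different paths")
    return dict(reasons)


if __name__ == "__main__":
    for artifact, why in triage(parse_hjt(SAMPLE_LOG)).items():
        print(artifact)
        for w in why:
            print("   -", w)
```

Run against the sample, the ProgramData copy of authfwcfg32.dll collects every reason at once (user-writable path, generated name, many CLSIDs, second copy in SysWow64, AppInit_DLLs), which is exactly the combination that justifies fixing the whole O2/O20 set in one pass. The user-writable heuristic also flags AVG's avgrunasx.exe under ProgramData, so treat it as a cue for a closer look rather than a verdict; the reply above removes that autorun entry as part of the cleanup anyway. AppInit_DLLs is honoured on the Windows 7 machine in this thread; on Windows 8 and later with Secure Boot enabled the loader ignores it, which is why it has faded as a persistence mechanism.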

mpalmerbio

  • Guest
Re: Malware
« Reply #3 on: July 03, 2011, 03:47:50 PM »
Thank you.

SAS Log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2011 at 02:03 AM

Application Version : 4.55.1000

Core Rules Database Version : 7368
Trace Rules Database Version: 5180

Scan type       : Complete Scan
Total Scan Time : 03:19:01

Memory items scanned      : 575
Memory threats detected   : 0
Registry items scanned    : 14992
Registry threats detected : 10
File items scanned        : 259124
File threats detected     : 437

Adware.Tracking Cookie
   C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@atdmt[1].txt
   C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adbrite[2].txt
   C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@imrworldwide[2].txt
   C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@advertise[1].txt
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .burstnet.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.burstnet.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ru4.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ru4.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pro-market.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .imrworldwide.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .imrworldwide.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificmedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificclick.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificclick.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificclick.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificclick.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .apmebf.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .chitika.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .bs.serving-sys.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adserver.adtechus.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   eas.apm.emediate.eu [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   eas.apm.emediate.eu [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tribalfusion.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .doubleclick.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .questionmarket.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .questionmarket.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .lucidmedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mediabrandsww.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   citi.bridgetrack.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   citi.bridgetrack.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   citi.bridgetrack.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   citi.bridgetrack.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .account.live.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .account.live.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .yieldmanager.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .content.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adinterax.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .fastclick.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .r1-ads.ace.advertising.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   accounts.youtube.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .content.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adinterax.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   2mdn.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   a.ads2.msads.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   ads1.msn.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   ads2.msads.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   b.ads2.msads.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   bc.youporn.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   broadcast.piximedia.fr [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   cdn-www.pornhub.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   cdn.eyewonder.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   cdn.insights.gravity.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   cdn1.static.pornhub.phncdn.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   cdn4.specificclick.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   cdn5.specificclick.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   cloudfront.mediamatters.org [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   content.oddcast.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   core.insightexpressai.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   ec.atdmt.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   files.youporn.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   flvplayer2.hardsextube.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   googleads.g.doubleclick.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   hs.interpolls.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   i.*adult URL* [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   ia.media-imdb.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   ictv-ic-ec.indieclicktv.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   imagec05.247realmedia.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   indieclick.3janecdn.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   kpbs.media.clients.ellingtoncms.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   m1.2mdn.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   macromedia.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media-ti.pictela.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.cnbc.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.entertonement.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.ign.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.kyte.tv [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.movieweb.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.mtvnservices.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.nbcbayarea.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.nbclosangeles.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.nbcnewyork.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.nbcwashington.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.onsugar.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.scanscout.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.thewb.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media.wfaa.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media01.kyte.tv [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   media1.break.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   msnbcmedia.msn.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   naiadsystems.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   objects.tremormedia.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   parksandresorts.wdpromedia.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   piximedia.fr [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   pornotube.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   s0.2mdn.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   secure-us.imrworldwide.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   serving-sys.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   sex.healthguru.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   sftrack.searchforce.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   spe.atdmt.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   stat.radioblogclub.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   static.2mdn.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   static.youporn.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   udn.specificclick.net [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   video.redorbit.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   videos.allelitepass.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   vidii.hardsextube.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]
   www.crackle.com [ C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\97UH4H4X ]

Trojan.Agent/Gen
   (x86) HKCR\idid
   (x86) HKCR\idid#op
   (x86) HKCR\idid#url1
   (x86) HKCR\idid#url2
   (x86) HKCR\idid#url3

Rogue.Agent/Gen
   (x86) HKLM\SOFTWARE\44367024
   (x86) HKLM\SOFTWARE\44367024#FirstRun

Rogue.SecurityTool
   C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
   C:\Users\Administrator\Start Menu\Programs\Security Tool.lnk

Trojan.Agent/Gen-Alureon
   (x86) HKLM\Software\H8SRT
   (x86) HKLM\Software\H8SRT#affid
   (x86) HKLM\Software\H8SRT#subid

Trojan.Agent/Gen-FakeAV
   C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\JAR_CACHE4226177566808612633.TMP

Trojan.Agent/Gen-FraudLoad
   C:\WINDOWS\SYSWOW64\DWTT.MRO


MBAM Log
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

7/3/2011 4:40:19 PM
mbam-log-2011-07-03 (16-40-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 371285
Time elapsed: 1 hour(s), 34 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS Log 1
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 1.6.0_17
Run by Administrator at 16:42:33 on 2011-07-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4094.1847 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: {01b78150-101e-495d-9677-d20adb4410e7} - C:\Windows\SysWow64\authfwcfg32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MI1933~1\Office14\GROOVEEX.DLL
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: uta.edu\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn01outside.uta.edu/CACHE/stc/8/binaries/vpnweb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{DAEFBC85-A33C-4670-9ECB-51258E44DAED} : DhcpNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{EC4BA76B-E820-4B6A-B826-25EEAAFC90F7} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MI1933~1\Office14\GROOVEEX.DLL
C:\Windows\SysWow64\authfwcfg32.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Skype add-on (mastermind): {22BF

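Added example (not part of the thread, and not a DDS or ComboFix feature): the first-pass checks a malware-removal helper makes when reading a Pseudo HJT Report like the one above, written as a small Python script. The sample lines embedded in it are copied from the report posted in this thread; the three heuristics, the rule names and the severity labels are this example's own assumptions. It flags a BHO that registers with no display name (the {01b78150-...} entry pointing at SysWow64\authfwcfg32.dll), the EnableLUA = 0 policy, which means User Account Control is switched off on this machine, and any Run entry whose executable lives under a user profile, where code in that session can overwrite it (the Google Update entry is a legitimate instance of that pattern, which is why it is reported for review rather than called bad).

```python
"""Triage heuristics for DDS "Pseudo HJT Report" lines (added example).

Not a DDS/ComboFix feature and not this thread's helper's tooling. The
rule names and severities are assumptions made for the example.
"""
import re
from typing import List, NamedTuple

# Lines copied from the DDS report posted in this thread (abridged).
SAMPLE_LOG = r"""
BHO: {01b78150-101e-495d-9677-d20adb4410e7} - C:\Windows\SysWow64\authfwcfg32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
"""


class Finding(NamedTuple):
    severity: str   # HIGH / MEDIUM / LOW (assumed labels, not a DDS concept)
    rule: str
    detail: str


# DDS line shapes: "BHO: <name>: {clsid} - <path>" (name may be absent),
# "uRun:/mRun: [<name>] <command>", "mPolicies-system: <value> = <n> (0xN)".
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9a-f-]+)\} - (?P<path>.+)$", re.I)
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (?P<val>\d+)")
# The first token ending in .exe, quoted or not, is the program that runs.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.I)
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)


def triage(report: str) -> List[Finding]:
    """Apply the first-pass heuristics to every line of a DDS report."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            # A BHO registered without a display name is unusual for a vendor
            # product; it is the entry a helper asks about first (ComboFix
            # later listed this one under ORPHANS REMOVED).
            if not (m.group("name") or "").strip():
                findings.append(Finding("HIGH", "unnamed-bho",
                                        f"{{{m.group('clsid')}}} -> {m.group('path')}"))
        elif m := RUN_RE.match(line):
            exe = EXE_RE.match(m.group("cmd"))
            path = exe.group("path") if exe else m.group("cmd")
            # An autorun resolving into a user profile starts code from a
            # location any process in that session can overwrite; legitimate
            # updaters do this too, so it is reported for review only.
            if USER_PROFILE_RE.search(path):
                findings.append(Finding("LOW", "userprofile-autorun",
                                        f"[{m.group('name')}] {path}"))
        elif m := LUA_RE.match(line):
            # EnableLUA = 0 switches User Account Control off: every process
            # in an administrator session already runs fully elevated.
            if m.group("val") == "0":
                findings.append(Finding("MEDIUM", "uac-disabled", line))
    return findings


def rules_hit(findings: List[Finding]) -> set:
    """Set of rule names that fired, for quick comparison between reports."""
    return {f.rule for f in findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:20} {f.detail}")
```

Feed it the whole Pseudo HJT Report section rather than the excerpt and it will also list the other uRun entries that live under the profile; treat those as a reading list, not a verdict, and compare against what the helper actually asks ComboFix to remove.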
SuperDave
Re: Malware
« Reply #4 on: July 03, 2011, 04:53:18 PM »
This next tool will not run with AVG on your computer. You can uninstall it, run the scan and re-install it afterwards or you can use one of the other free AVs from the list below.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
******************************************************

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

mpalmerbio
Re: Malware
« Reply #5 on: July 04, 2011, 01:18:19 AM »
ComboFix 11-06-29.06 - Administrator 07/04/2011   1:52.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4094.2523 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
   /wow section - STAGE 50
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The system cannot find the file LockedB.
The system cannot find the file lockedB.
'.d.a.1.a.3.f.f.' is not recognized as an internal or external command
'.0.\\.' is not recognized as an internal or external command
The system cannot find the file LockedB.
The system cannot find the file LockedB.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\Adobe\plugs\mmc93.exe
c:\users\ElCrotchoGrande\AppData\Local\Microsoft\Windows\Temporary Internet Files\{142CE98E-4383-40B2-B32B-3F9E3129F78B}.xps
c:\users\ElCrotchoGrande\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AF0F6F7A-8473-4C25-B0BD-AF04DAD52BEB}.xps
C:\XESDE3E.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-04 to 2011-07-04  )))))))))))))))))))))))))))))))
.
.
2011-07-04 07:02 . 2011-07-04 07:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-07-04 07:02 . 2011-07-04 07:02   --------   d-----w-   c:\users\ElCrotchoGrande\AppData\Local\temp
2011-07-04 06:25 . 2011-07-04 06:25   --------   d-----w-   c:\users\Administrator\AppData\Local\{FDA67BB7-C829-4E61-A7EE-DE19F5EA4C2F}
2011-07-03 03:41 . 2011-07-03 03:41   --------   d-----w-   c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2011-07-03 03:41 . 2011-07-03 03:41   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-07-03 03:41 . 2011-07-03 03:41   --------   d-----w-   c:\programdata\!SASCORE
2011-07-03 03:41 . 2011-07-03 03:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-07-03 03:00 . 2011-07-03 16:20   --------   d-----w-   c:\users\Administrator\AppData\Local\{6FFF63FC-4DF0-4E32-8A8B-D18F4EEE1CFA}
2011-07-02 06:51 . 2011-07-02 06:51   --------   d-----w-   c:\program files (x86)\Microsoft SQL Server
2011-07-02 06:51 . 2011-07-02 06:51   --------   d-----w-   c:\program files\Microsoft Synchronization Services
2011-07-02 06:51 . 2011-07-02 06:51   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
2011-07-02 06:46 . 2011-07-02 06:52   --------   d-----w-   c:\program files (x86)\Microsoft Visual Studio 10.0
2011-07-02 06:45 . 2011-07-02 06:45   --------   d-----w-   c:\windows\symbols
2011-07-02 06:45 . 2011-07-02 06:45   --------   d-----w-   c:\program files\Microsoft Visual Studio 10.0
2011-07-02 06:45 . 2011-07-02 06:45   --------   d-----w-   c:\program files\Microsoft Help Viewer
2011-07-02 06:45 . 2011-07-02 06:45   --------   d-----w-   c:\program files (x86)\Microsoft SDKs
2011-07-02 06:31 . 2011-07-02 06:31   --------   d-----w-   c:\users\Administrator\AppData\Local\Microsoft Games
2011-07-02 05:32 . 2011-07-02 05:32   --------   d-----w-   c:\users\Administrator\AppData\Local\{DB895FD4-7E4C-43A9-AF2D-75CACE984F40}
2011-07-02 04:12 . 2011-07-02 04:12   --------   d-----w-   c:\users\Administrator\AppData\Local\{60421F88-BA0B-40C2-B03D-27A371266629}
2011-07-01 00:28 . 2011-07-01 00:28   --------   d-----w-   c:\users\Administrator\AppData\Local\{BB2468BD-8CAE-4168-890B-4679F6A28E16}
2011-06-30 05:09 . 2011-06-30 05:09   --------   d-----w-   c:\users\Administrator\AppData\Local\{8E719D41-BBE0-455A-A6DB-A944A92F4F0B}
2011-06-30 05:02 . 2011-06-30 05:02   --------   d-----w-   c:\users\Administrator\AppData\Roaming\AVG10
2011-06-30 04:58 . 2011-06-30 04:58   --------   d--h--w-   c:\programdata\Common Files
2011-06-30 04:56 . 2011-07-04 06:42   --------   d-----w-   c:\programdata\AVG10
2011-06-30 04:55 . 2011-06-30 04:55   --------   d-----w-   c:\program files (x86)\AVG
2011-06-30 04:54 . 2011-07-04 06:39   --------   d-----w-   c:\programdata\MFAData
2011-06-30 04:41 . 2011-04-29 16:15   344576   ----a-w-   c:\windows\system32\schannel.dll
2011-06-30 04:41 . 2011-04-29 15:59   276992   ----a-w-   c:\windows\SysWow64\schannel.dll
2011-06-28 03:39 . 2011-06-28 03:39   --------   d-----w-   c:\users\Administrator\AppData\Local\{E444FA4F-2A3C-4AE1-A120-B6660249E676}
2011-06-28 02:44 . 2011-06-28 02:44   --------   d-----w-   c:\users\Administrator\AppData\Local\Secunia PSI
2011-06-28 02:44 . 2011-06-28 02:44   --------   d-----w-   c:\program files (x86)\Secunia
2011-06-28 01:50 . 2011-06-28 01:50   0   ---ha-w-   c:\users\Administrator\AppData\Local\BIT9B3.tmp
2011-06-28 01:48 . 2011-06-28 01:48   0   ---ha-w-   c:\users\Administrator\AppData\Local\BIT34C5.tmp
2011-06-22 02:09 . 2011-06-22 02:09   --------   d-----w-   c:\program files (x86)\Common Files\Adobe AIR
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\programdata\McAfee
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\programdata\McAfee Security Scan
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\program files (x86)\McAfee Security Scan
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\programdata\NOS
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\program files (x86)\NOS
2011-06-22 00:00 . 2011-06-22 00:00   --------   d-----w-   c:\users\Administrator\AppData\Local\{91D2AFC3-4095-48E9-8F93-571D754F7354}
2011-06-21 00:18 . 2011-06-21 00:18   --------   d-----w-   c:\users\Administrator\AppData\Local\{202B345F-B353-4F6C-B677-0D7A3E52E25B}
2011-06-19 18:53 . 2011-06-19 18:53   --------   d-----w-   c:\users\Administrator\AppData\Local\MigWiz
2011-06-19 17:20 . 2011-06-20 05:21   --------   d-----w-   c:\users\Administrator\AppData\Local\{D37DD5B0-4329-4C72-B73B-68D7AF3173F1}
2011-06-19 06:27 . 2011-06-19 06:27   --------   d-----w-   c:\users\Administrator\AppData\Local\{28964A9E-21EE-42B6-92B1-2F3C0E00883C}
2011-06-19 06:16 . 2011-06-19 06:16   --------   d-----w-   c:\users\Administrator\AppData\Local\{6FC31AE8-09EF-4ADE-AB25-D1375297C711}
2011-06-18 15:35 . 2011-06-18 15:35   --------   d-----w-   c:\users\Administrator\AppData\Local\{897A20EA-FE4E-43DE-BEF3-66A73224AD7E}
2011-06-17 22:59 . 2011-06-17 22:59   --------   d-----w-   c:\users\Administrator\AppData\Local\{12031539-0C28-45E7-AAC4-029420F9BD47}
2011-06-16 15:18 . 2011-06-17 03:19   --------   d-----w-   c:\users\Administrator\AppData\Local\{70114B20-C558-474A-AAAD-7472FC695CB9}
2011-06-16 03:18 . 2011-06-16 03:18   --------   d-----w-   c:\users\Administrator\AppData\Local\{5E620BF2-D86D-4F11-8398-E1343EBBACA4}
2011-06-15 03:33 . 2011-06-15 03:33   --------   d-----w-   c:\program files (x86)\Electronic Arts
2011-06-15 01:58 . 2011-06-15 01:58   --------   d-----w-   c:\users\Administrator\AppData\Local\{C890026A-D663-4CA1-BD13-3A6A9C257CD1}
2011-06-14 01:37 . 2011-06-14 01:37   --------   d-----w-   c:\users\Administrator\AppData\Local\{0D67C496-F950-4538-A692-5E9932B2FFCA}
2011-06-13 05:57 . 2011-06-13 05:57   --------   d-----w-   c:\users\Administrator\AppData\Local\{39B718BA-4F53-423E-96B6-891608A28AFF}
2011-06-11 17:56 . 2011-06-12 17:57   --------   d-----w-   c:\users\Administrator\AppData\Local\{C654BAA6-016B-4536-8DE1-01BE0583536A}
2011-06-11 01:22 . 2011-06-11 01:22   --------   d-----w-   c:\users\Administrator\AppData\Local\{2FCE4BAB-BAC8-42B4-A801-2C3110E505F2}
2011-06-10 01:09 . 2011-06-10 01:09   --------   d-----w-   c:\users\Administrator\AppData\Local\{FCAA4186-8733-4A2E-A829-2C0E77EB1C91}
2011-06-09 03:24 . 2011-06-09 03:24   --------   d-----w-   c:\users\Administrator\AppData\Local\{6017BF6D-FEA5-4754-BD32-68DF1ECE8E6E}
2011-06-08 03:09 . 2011-06-08 03:09   --------   d-----w-   c:\users\Administrator\AppData\Local\{DFFB28BE-4018-447C-B324-8CD0DB720C15}
2011-06-07 02:54 . 2011-06-07 02:55   --------   d-----w-   c:\users\Administrator\AppData\Local\{26232B9E-42FC-428C-BDF4-F1E98CB3A2D6}
2011-06-06 17:55 . 2011-06-06 17:55   183696   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 17:55 . 2011-06-06 17:55   183696   ----a-w-   c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-05 12:43 . 2011-06-06 03:45   --------   d-----w-   c:\users\Administrator\AppData\Local\{2C1B0729-3850-47BD-90C0-54B8E80DAB64}
2011-06-05 03:57 . 2011-06-05 03:57   --------   d-----w-   c:\program files (x86)\Application
2011-06-05 03:57 . 2011-06-05 03:57   --------   d-----w-   c:\program files (x86)\Hanes T-ShirtMaker Lite
2011-06-04 22:52 . 2011-06-04 22:52   --------   d-----w-   c:\users\Administrator\AppData\Local\{AA4E5A5F-2C01-4E0B-9074-BBF3680BA58F}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 08:09 . 2011-07-02 06:49   188128   ----a-w-   c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-04-11 08:21 . 2011-04-30 04:22   8802128   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F0923DB-2E25-4B6C-95EF-0D8F7E5598EA}\mpengine.dll
2009-12-06 04:58 . 2009-12-06 04:58   42655   ----a-w-   c:\program files (x86)\Common Files\akkg4.exe
2009-12-06 04:58 . 2009-12-06 04:58   43169   ----a-w-   c:\program files (x86)\Common Files\insta4.exe
2009-12-06 04:58 . 2009-12-06 04:58   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu4.exe
2009-12-06 04:55 . 2009-12-06 04:55   42709   ----a-w-   c:\program files (x86)\Common Files\akkg3.exe
2009-12-06 04:55 . 2009-12-06 04:55   42729   ----a-w-   c:\program files (x86)\Common Files\insta3.exe
2009-12-06 04:55 . 2009-12-06 04:55   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu3.exe
2009-12-06 04:53 . 2009-12-06 04:53   42944   ----a-w-   c:\program files (x86)\Common Files\akkg2.exe
2009-12-06 04:53 . 2009-12-06 04:53   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu2.exe
2009-12-06 04:53 . 2009-12-06 04:53   43003   ----a-w-   c:\program files (x86)\Common Files\insta2.exe
2009-12-06 04:52 . 2009-12-06 04:52   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu1.exe
2009-12-06 04:49 . 2009-12-06 04:49   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2008-11-19 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-01-09 149280]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\ElCrotchoGrande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-5-6 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
NETGEAR WPN311 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WPN311\wlancfg5.exe [2007-4-10 1695744]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 vcdrom;Virtual CD-ROM Device Driver;h:\xpvirtual\VCdRom.sys

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys

R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 32888]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 800624]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 22:25]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 22:25]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155346411-3799496798-2464146646-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 16:10]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155346411-3799496798-2464146646-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 16:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-21 2184520]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 1114992]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: uta.edu\www
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn01outside.uta.edu/CACHE/stc/8/binaries/vpnweb.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u6esfx2d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: ZoneAlarm Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {b58e8429-272c-4d02-9e0c-a6f82a60ed3f} - %profile%\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01B78150-101E-495D-9677-D20ADB4410E7} - c:\windows\SysWow64\authfwcfg32.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="avifile"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PhotoSnapViewer.exe"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\VCdControlTool.exe"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4a"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\VCDMount.exe"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mov"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp3"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp4"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2011-07-04  02:17:01 - machine was rebooted
ComboFix-quarantined-files.txt  2011-07-04 07:17
.
Pre-Run: 262,339,104,768 bytes free
Post-Run: 264,592,781,312 bytes free
.
Current=6 Default=6 Failed=92 LastKnownGood=3 Sets=1,2,3,6,7,92
- - End Of File - - 6FCFC941CC855BAABA17EB4A868881B7
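An added triage pass over the LOCKED REGISTRY KEYS section of the log above (example code written for this page; it is not ComboFix output and not part of the thread). A key appears in that section only because a Deny ACE stopped ComboFix from reading or writing it, and most of the entries above are locks that belong on a clean machine: Windows puts a deny ACE on every FileExts\...\UserChoice key so a program cannot silently re-take a file association, Adobe's Flash Player installer locks its own CLSID and TypeLib registrations, the Office Smart Tag and VSTO Schema Library keys are locked by Office, and HKLM\SOFTWARE\Wow6432Node\Classes is a registry symbolic link rather than an ACL'd key. The pattern rules encoding those four cases are the editor's heuristics; anything they do not recognise is reported for manual review instead of being accepted. The excerpt is copied from the log, except the last key (HKLM\SOFTWARE\Example\HypotheticalLockedKey), which is constructed so the REVIEW branch has something to report.

```python
"""Triage the LOCKED REGISTRY KEYS section of a ComboFix log against known-benign patterns."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Copied from the log above, except the last key (HKLM\SOFTWARE\Example\...), which is CONSTRUCTED.
LOG_EXCERPT = r"""
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\HypotheticalLockedKey]
@Denied: (A) (Everyone)
"Loader"="c:\\example\\hypothetical.exe"
.
"""


@dataclass
class LockedKey:
    path: str
    denied: Optional[Tuple[str, str]] = None      # (rights code, principal) exactly as ComboFix prints them
    values: List[str] = field(default_factory=list)


DENIED_RE = re.compile(r"@Denied:\s*\(([^)]*)\)\s*\(([^)]*)\)")
USERCHOICE_RE = re.compile(r"^HKEY_USERS\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Windows\\CurrentVersion"
                           r"\\Explorer\\FileExts\\\.[^\\]+\\UserChoice$", re.I)
COM_REG_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\(Wow6432Node\\)?(CLSID|Interface|TypeLib)"
                        r"\\\{[0-9A-F-]+\}$", re.I)
FLASH_RE = re.compile(r"flash|shockwave|macromed", re.I)
OFFICE_RE = re.compile(r"\\Microsoft\\(Office\\Common\\Smart Tag\\Actions\\\{|Schema Library\\ActionsPane3$)", re.I)


def parse_locked_keys(text: str) -> List[LockedKey]:
    """One LockedKey per [key] block; '.' lines are ComboFix's separators, not data."""
    keys: List[LockedKey] = []
    current: Optional[LockedKey] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = LockedKey(path=line[1:-1])
            keys.append(current)
        elif current is None or line in ("", "."):
            continue
        elif (m := DENIED_RE.match(line)):
            current.denied = (m.group(1), m.group(2))
        else:
            current.values.append(line)             # value lines, e.g. "Progid"="FirefoxHTML"
    return keys


def triage(keys: List[LockedKey]) -> List[Tuple[str, str, str]]:
    """(path, verdict, reason) per top-level key; sub-keys are folded into their parent as evidence."""
    def under(child: LockedKey, parent: LockedKey) -> bool:
        return child.path.lower().startswith(parent.path.lower() + "\\")

    rows = []
    for k in keys:
        if any(under(k, other) for other in keys if other is not k):
            continue                                # a sub-key: its values count for the parent below
        evidence = "\n".join(k.values + [v for c in keys if under(c, k) for v in c.values])
        if USERCHOICE_RE.match(k.path):
            verdict = ("EXPECTED", "deny-ACE Windows keeps on UserChoice keys so programs cannot silently re-take a file association")
        elif COM_REG_RE.match(k.path) and FLASH_RE.search(evidence):
            verdict = ("EXPECTED", "Adobe Flash Player COM/TypeLib registration, locked by its own installer")
        elif any(v.startswith('"SymbolicLinkValue"') for v in k.values):
            verdict = ("EXPECTED", "registry symbolic link (WOW64 Classes redirection), not an ACL lock")
        elif OFFICE_RE.search(k.path):
            verdict = ("EXPECTED", "Microsoft Office / VSTO protected key")
        else:
            verdict = ("REVIEW", "matches no known-benign pattern; inspect the key, its ACL and what it points to")
        rows.append((k.path, *verdict))
    return rows


if __name__ == "__main__":
    for path, verdict, reason in triage(parse_locked_keys(LOG_EXCERPT)):
        print(f"{verdict:8} {path}\n         {reason}")
```

Feed it only the LOCKED REGISTRY KEYS section of a saved ComboFix.txt (the Reg Loading Points section uses the same [key] syntax and would all land in REVIEW). An EXPECTED verdict is a pattern match, not proof: a UserChoice key whose Progid points somewhere unexpected still deserves a look, and whatever lands in REVIEW is where the analyst's time goes.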

SuperDave

  • Malware Removal Specialist
  • Moderator
Re: Malware
« Reply #6 on: July 04, 2011, 04:34:37 PM »
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quote box below into it:

    KillAll::

    Firefox::
    Trusted Zone: uta.edu\www
    FF - Ext: XUL Cache: {b58e8429-272c-4d02-9e0c-a6f82a60ed3f} - %profile%\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}

  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
****************************************************
Please download Rooter and Save it to your desktop.
  • Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
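The CFScript above removes one Firefox extension by its ID. The follow-up check a responder wants is whether that ID is also sitting in any other profile on the machine, since a per-profile extension survives in every profile it was installed into (the ComboFix log later in this thread does list it under both the Administrator and ElCrotchoGrande profiles). The sweep below is an added example written for this page, not SuperDave's tooling and not part of ComboFix: it walks <Users>\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\extensions\ for every user, matches the extension both by folder name and by the em:id declared in its install.rdf, and lists the files and default preferences it ships. The directory layout and file names mirror the paths ComboFix reports later in the thread; the install.rdf contents, the pref name, the JAR placeholder and the second "benign" add-on are constructed fixtures, and build_fixture/demo exist only so the sweep runs offline.

```python
"""Sweep every Firefox profile under a Users folder for one legacy (XUL) extension ID."""
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from typing import Dict, Iterator, List, Tuple

EM = "{http://www.mozilla.org/2004/em-rdf#}"          # namespace install.rdf uses for em:id / em:name
TARGET_ID = "{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}"  # the "XUL Cache" extension named in the CFScript

# CONSTRUCTED install.rdf in the legacy add-on manifest layout (not recovered from the machine).
INSTALL_RDF = f"""<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{TARGET_ID}</em:id>
    <em:name>XUL Cache</em:name>
  </Description>
</RDF>
"""


def firefox_profiles(users_root: Path) -> Iterator[Tuple[str, Path]]:
    """Yield (user name, profile dir) for <Users>\\<user>\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*."""
    for user in sorted(p for p in users_root.iterdir() if p.is_dir()):
        profiles = user / "AppData" / "Roaming" / "Mozilla" / "Firefox" / "Profiles"
        if profiles.is_dir():
            for profile in sorted(p for p in profiles.iterdir() if p.is_dir()):
                yield user.name, profile


def read_manifest(ext_dir: Path) -> Dict[str, str]:
    """Return the em:id and em:name from install.rdf ('' when missing or unparsable)."""
    info = {"id": "", "name": ""}
    rdf = ext_dir / "install.rdf"
    if rdf.is_file():
        try:
            root = ET.parse(rdf).getroot()
        except ET.ParseError:
            return info
        for key in info:
            node = root.find(f".//{EM}{key}")
            info[key] = (node.text or "").strip() if node is not None else ""
    return info


def sweep(users_root: Path, target_id: str = TARGET_ID) -> List[dict]:
    """Report every profile holding target_id, matched on the folder name OR the manifest em:id,
    so a renamed folder that kept its manifest, or a spoofed folder name, is still caught."""
    hits = []
    for user, profile in firefox_profiles(users_root):
        ext_root = profile / "extensions"
        for ext_dir in (sorted(ext_root.iterdir()) if ext_root.is_dir() else []):
            if not ext_dir.is_dir():
                continue
            info = read_manifest(ext_dir)
            if target_id.lower() not in (ext_dir.name.lower(), info["id"].lower()):
                continue
            files = sorted(p.relative_to(ext_dir).as_posix() for p in ext_dir.rglob("*") if p.is_file())
            prefs = sorted({name for js in (ext_dir / "defaults" / "preferences").glob("*.js")
                            for name in re.findall(r'pref\("([^"]+)"', js.read_text(errors="replace"))})
            hits.append({"user": user, "profile": profile.name, "folder": ext_dir.name,
                         "manifest_id": info["id"], "name": info["name"], "files": files, "prefs": prefs})
    return hits


def build_fixture(root: Path) -> Path:
    """CONSTRUCTED layout mirroring the two profiles ComboFix listed, plus one unrelated add-on."""
    for user, profile in (("Administrator", "u6esfx2d.default"), ("ElCrotchoGrande", "fc063edh.default")):
        ext = root / user / "AppData/Roaming/Mozilla/Firefox/Profiles" / profile / "extensions" / TARGET_ID
        (ext / "chrome").mkdir(parents=True)
        (ext / "defaults" / "preferences").mkdir(parents=True)
        (ext / "install.rdf").write_text(INSTALL_RDF, encoding="utf-8")
        (ext / "chrome.manifest").write_text("content xulcache jar:chrome/xulcache.jar!/content/\n")  # constructed
        (ext / "chrome" / "xulcache.jar").write_bytes(b"PK\x03\x04")  # placeholder bytes, not a real JAR
        (ext / "defaults" / "preferences" / "xulcache.js").write_text(
            'pref("extensions.xulcache.example", true);\n')  # constructed pref name
    benign = root / "Administrator/AppData/Roaming/Mozilla/Firefox/Profiles/u6esfx2d.default/extensions/benign@constructed.test"
    benign.mkdir(parents=True)
    (benign / "install.rdf").write_text(
        INSTALL_RDF.replace(TARGET_ID, "benign@constructed.test").replace("XUL Cache", "Constructed benign add-on"))
    return root


def demo() -> List[dict]:
    """Build the constructed tree in a temp dir and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        return sweep(build_fixture(Path(tmp)))


if __name__ == "__main__":
    for hit in demo():
        print(f'{hit["user"]}\\{hit["profile"]}: {hit["folder"]} "{hit["name"]}" '
              f'(manifest id {hit["manifest_id"]}); files={hit["files"]}; prefs={hit["prefs"]}')
```

Against a live disk, call sweep(Path(r"C:\Users")) from an elevated prompt so other users' profiles are readable. The install.rdf layout is the legacy (XUL) add-on format the 2011-era Firefox in this thread used; current Firefox stores WebExtensions as .xpi files described by manifest.json, so the manifest parsing would need to change for a modern profile, while the per-user sweep itself does not.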

mpalmerbio

  • Guest
ROOTER DOESN'T work!
« Reply #7 on: July 06, 2011, 09:20:39 PM »
ComboFix 11-07-06.05 - Administrator 07/06/2011  21:51:17.3.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4094.2577 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix2.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *Enabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\o5u43co1a1n638vju58hm7ye2rvoto7dfp73q2oqcv1l
c:\programdata\sysReserve.ini
c:\users\Administrator\AppData\Local\o5u43co1a1n638vju58hm7ye2rvoto7dfp73q2oqcv1l
c:\users\Administrator\AppData\Roaming\Adobe\plugs
c:\users\Administrator\AppData\Roaming\Adobe\plugs\mmc98795854.txt
c:\users\Administrator\AppData\Roaming\Adobe\shed
c:\users\Administrator\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\o5u43co1a1n638vju58hm7ye2rvoto7dfp73q2oqcv1l
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u6esfx2d.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u6esfx2d.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u6esfx2d.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}\chrome\xulcache.jar
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u6esfx2d.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}\defaults\preferences\xulcache.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u6esfx2d.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}\install.rdf
c:\users\ElCrotchoGrande\AppData\Roaming\Mozilla\Firefox\Profiles\fc063edh.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}
c:\users\ElCrotchoGrande\AppData\Roaming\Mozilla\Firefox\Profiles\fc063edh.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}\chrome.manifest
c:\users\ElCrotchoGrande\AppData\Roaming\Mozilla\Firefox\Profiles\fc063edh.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}\chrome\xulcache.jar
c:\users\ElCrotchoGrande\AppData\Roaming\Mozilla\Firefox\Profiles\fc063edh.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}\defaults\preferences\xulcache.js
c:\users\ElCrotchoGrande\AppData\Roaming\Mozilla\Firefox\Profiles\fc063edh.default\extensions\{b58e8429-272c-4d02-9e0c-a6f82a60ed3f}\install.rdf
c:\windows\SysWow64\helper32.dll
c:\windows\SysWow64\IS15.exe
c:\windows\SysWow64\warning.html
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-07 to 2011-07-07  )))))))))))))))))))))))))))))))
.
.
2011-07-07 02:58 . 2011-07-07 02:58   --------   d-----w-   c:\users\ElCrotchoGrande\AppData\Local\temp
2011-07-07 02:58 . 2011-07-07 02:58   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-07-07 02:45 . 2011-07-07 02:45   --------   d-----w-   C:\32788R22FWJFW
2011-07-07 02:39 . 2011-07-07 02:39   --------   d-----w-   c:\users\Administrator\AppData\Local\{46D7DC84-3225-4597-8714-F330BE511742}
2011-07-06 03:31 . 2011-07-06 03:31   --------   d-----w-   c:\users\Administrator\AppData\Local\{D3559ECC-8C82-4FFD-82BE-70A988657925}
2011-07-05 04:10 . 2011-07-05 04:10   --------   d-----w-   c:\users\Administrator\AppData\Local\{430EDE5C-A165-4402-8860-0D9389CC3CF3}
2011-07-04 06:25 . 2011-07-04 06:25   --------   d-----w-   c:\users\Administrator\AppData\Local\{FDA67BB7-C829-4E61-A7EE-DE19F5EA4C2F}
2011-07-03 03:41 . 2011-07-03 03:41   --------   d-----w-   c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2011-07-03 03:41 . 2011-07-03 03:41   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-07-03 03:41 . 2011-07-03 03:41   --------   d-----w-   c:\programdata\!SASCORE
2011-07-03 03:41 . 2011-07-03 03:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-07-03 03:00 . 2011-07-03 16:20   --------   d-----w-   c:\users\Administrator\AppData\Local\{6FFF63FC-4DF0-4E32-8A8B-D18F4EEE1CFA}
2011-07-02 06:51 . 2011-07-02 06:51   --------   d-----w-   c:\program files (x86)\Microsoft SQL Server
2011-07-02 06:51 . 2011-07-02 06:51   --------   d-----w-   c:\program files\Microsoft Synchronization Services
2011-07-02 06:51 . 2011-07-02 06:51   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
2011-07-02 06:46 . 2011-07-02 06:52   --------   d-----w-   c:\program files (x86)\Microsoft Visual Studio 10.0
2011-07-02 06:45 . 2011-07-02 06:45   --------   d-----w-   c:\windows\symbols
2011-07-02 06:45 . 2011-07-02 06:45   --------   d-----w-   c:\program files\Microsoft Visual Studio 10.0
2011-07-02 06:45 . 2011-07-02 06:45   --------   d-----w-   c:\program files\Microsoft Help Viewer
2011-07-02 06:45 . 2011-07-02 06:45   --------   d-----w-   c:\program files (x86)\Microsoft SDKs
2011-07-02 06:31 . 2011-07-05 06:54   --------   d-----w-   c:\users\Administrator\AppData\Local\Microsoft Games
2011-07-02 05:32 . 2011-07-02 05:32   --------   d-----w-   c:\users\Administrator\AppData\Local\{DB895FD4-7E4C-43A9-AF2D-75CACE984F40}
2011-07-02 04:12 . 2011-07-02 04:12   --------   d-----w-   c:\users\Administrator\AppData\Local\{60421F88-BA0B-40C2-B03D-27A371266629}
2011-07-01 00:28 . 2011-07-01 00:28   --------   d-----w-   c:\users\Administrator\AppData\Local\{BB2468BD-8CAE-4168-890B-4679F6A28E16}
2011-06-30 05:09 . 2011-06-30 05:09   --------   d-----w-   c:\users\Administrator\AppData\Local\{8E719D41-BBE0-455A-A6DB-A944A92F4F0B}
2011-06-30 05:02 . 2011-06-30 05:02   --------   d-----w-   c:\users\Administrator\AppData\Roaming\AVG10
2011-06-30 04:58 . 2011-06-30 04:58   --------   d--h--w-   c:\programdata\Common Files
2011-06-30 04:56 . 2011-07-04 06:42   --------   d-----w-   c:\programdata\AVG10
2011-06-30 04:55 . 2011-06-30 04:55   --------   d-----w-   c:\program files (x86)\AVG
2011-06-30 04:54 . 2011-07-04 06:39   --------   d-----w-   c:\programdata\MFAData
2011-06-30 04:41 . 2011-04-29 16:15   344576   ----a-w-   c:\windows\system32\schannel.dll
2011-06-30 04:41 . 2011-04-29 15:59   276992   ----a-w-   c:\windows\SysWow64\schannel.dll
2011-06-28 03:39 . 2011-06-28 03:39   --------   d-----w-   c:\users\Administrator\AppData\Local\{E444FA4F-2A3C-4AE1-A120-B6660249E676}
2011-06-28 02:44 . 2011-06-28 02:44   --------   d-----w-   c:\users\Administrator\AppData\Local\Secunia PSI
2011-06-28 02:44 . 2011-06-28 02:44   --------   d-----w-   c:\program files (x86)\Secunia
2011-06-28 01:50 . 2011-06-28 01:50   0   ---ha-w-   c:\users\Administrator\AppData\Local\BIT9B3.tmp
2011-06-28 01:48 . 2011-06-28 01:48   0   ---ha-w-   c:\users\Administrator\AppData\Local\BIT34C5.tmp
2011-06-22 02:09 . 2011-06-22 02:09   --------   d-----w-   c:\program files (x86)\Common Files\Adobe AIR
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\programdata\McAfee
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\programdata\McAfee Security Scan
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\program files (x86)\McAfee Security Scan
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\programdata\NOS
2011-06-22 02:08 . 2011-06-22 02:08   --------   d-----w-   c:\program files (x86)\NOS
2011-06-22 00:00 . 2011-06-22 00:00   --------   d-----w-   c:\users\Administrator\AppData\Local\{91D2AFC3-4095-48E9-8F93-571D754F7354}
2011-06-21 00:18 . 2011-06-21 00:18   --------   d-----w-   c:\users\Administrator\AppData\Local\{202B345F-B353-4F6C-B677-0D7A3E52E25B}
2011-06-19 18:53 . 2011-06-19 18:53   --------   d-----w-   c:\users\Administrator\AppData\Local\MigWiz
2011-06-19 17:20 . 2011-06-20 05:21   --------   d-----w-   c:\users\Administrator\AppData\Local\{D37DD5B0-4329-4C72-B73B-68D7AF3173F1}
2011-06-19 06:27 . 2011-06-19 06:27   --------   d-----w-   c:\users\Administrator\AppData\Local\{28964A9E-21EE-42B6-92B1-2F3C0E00883C}
2011-06-19 06:16 . 2011-06-19 06:16   --------   d-----w-   c:\users\Administrator\AppData\Local\{6FC31AE8-09EF-4ADE-AB25-D1375297C711}
2011-06-18 15:35 . 2011-06-18 15:35   --------   d-----w-   c:\users\Administrator\AppData\Local\{897A20EA-FE4E-43DE-BEF3-66A73224AD7E}
2011-06-17 22:59 . 2011-06-17 22:59   --------   d-----w-   c:\users\Administrator\AppData\Local\{12031539-0C28-45E7-AAC4-029420F9BD47}
2011-06-16 15:18 . 2011-06-17 03:19   --------   d-----w-   c:\users\Administrator\AppData\Local\{70114B20-C558-474A-AAAD-7472FC695CB9}
2011-06-16 03:18 . 2011-06-16 03:18   --------   d-----w-   c:\users\Administrator\AppData\Local\{5E620BF2-D86D-4F11-8398-E1343EBBACA4}
2011-06-15 03:33 . 2011-06-15 03:33   --------   d-----w-   c:\program files (x86)\Electronic Arts
2011-06-15 01:58 . 2011-06-15 01:58   --------   d-----w-   c:\users\Administrator\AppData\Local\{C890026A-D663-4CA1-BD13-3A6A9C257CD1}
2011-06-14 01:37 . 2011-06-14 01:37   --------   d-----w-   c:\users\Administrator\AppData\Local\{0D67C496-F950-4538-A692-5E9932B2FFCA}
2011-06-13 05:57 . 2011-06-13 05:57   --------   d-----w-   c:\users\Administrator\AppData\Local\{39B718BA-4F53-423E-96B6-891608A28AFF}
2011-06-11 17:56 . 2011-06-12 17:57   --------   d-----w-   c:\users\Administrator\AppData\Local\{C654BAA6-016B-4536-8DE1-01BE0583536A}
2011-06-11 01:22 . 2011-06-11 01:22   --------   d-----w-   c:\users\Administrator\AppData\Local\{2FCE4BAB-BAC8-42B4-A801-2C3110E505F2}
2011-06-10 01:09 . 2011-06-10 01:09   --------   d-----w-   c:\users\Administrator\AppData\Local\{FCAA4186-8733-4A2E-A829-2C0E77EB1C91}
2011-06-09 03:24 . 2011-06-09 03:24   --------   d-----w-   c:\users\Administrator\AppData\Local\{6017BF6D-FEA5-4754-BD32-68DF1ECE8E6E}
2011-06-08 03:09 . 2011-06-08 03:09   --------   d-----w-   c:\users\Administrator\AppData\Local\{DFFB28BE-4018-447C-B324-8CD0DB720C15}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 08:09 . 2011-07-02 06:49   188128   ----a-w-   c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-04-11 08:21 . 2011-04-30 04:22   8802128   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F0923DB-2E25-4B6C-95EF-0D8F7E5598EA}\mpengine.dll
2009-12-06 04:58 . 2009-12-06 04:58   42655   ----a-w-   c:\program files (x86)\Common Files\akkg4.exe
2009-12-06 04:58 . 2009-12-06 04:58   43169   ----a-w-   c:\program files (x86)\Common Files\insta4.exe
2009-12-06 04:58 . 2009-12-06 04:58   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu4.exe
2009-12-06 04:55 . 2009-12-06 04:55   42709   ----a-w-   c:\program files (x86)\Common Files\akkg3.exe
2009-12-06 04:55 . 2009-12-06 04:55   42729   ----a-w-   c:\program files (x86)\Common Files\insta3.exe
2009-12-06 04:55 . 2009-12-06 04:55   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu3.exe
2009-12-06 04:53 . 2009-12-06 04:53   42944   ----a-w-   c:\program files (x86)\Common Files\akkg2.exe
2009-12-06 04:53 . 2009-12-06 04:53   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu2.exe
2009-12-06 04:53 . 2009-12-06 04:53   43003   ----a-w-   c:\program files (x86)\Common Files\insta2.exe
2009-12-06 04:52 . 2009-12-06 04:52   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu1.exe
2009-12-06 04:49 . 2009-12-06 04:49   323584   ----a-w-   c:\program files (x86)\Common Files\SetupMenu.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-07-04_07.08.45   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2011-07-07 03:01   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-07-04 07:06   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-07-04 07:06   81920              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-07-07 03:01   81920              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-07-07 03:01   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-07-04 07:06   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-07-07 03:03   71692              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-07-07 02:39   84366              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-29 09:15 . 2011-07-07 02:39   19272              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2155346411-3799496798-2464146646-500_UserData.bin
- 2008-12-28 23:09 . 2011-07-04 06:27   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-28 23:09 . 2011-07-07 02:42   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-28 23:09 . 2011-07-07 02:42   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-28 23:09 . 2011-07-04 06:27   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-28 23:09 . 2011-07-07 02:42   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-28 23:09 . 2011-07-04 06:27   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-30 08:09 . 2011-07-05 03:46   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-30 08:09 . 2011-07-03 22:31   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-30 08:09 . 2011-07-03 22:31   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-30 08:09 . 2011-07-05 03:46   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-04 07:06 . 2011-07-04 07:06   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-07 03:00 . 2011-07-07 03:00   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-04 07:06 . 2011-07-04 07:06   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-07 03:00 . 2011-07-07 03:00   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-03 20:24 . 2011-07-07 02:59   431184              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-03 20:24 . 2011-07-04 07:04   431184              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-04 08:09 . 2011-07-07 02:59   4845164              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2155346411-3799496798-2464146646-500-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{01B78150-101E-495D-9677-D20ADB4410E7}]
c:\windows\SysWow64\authfwcfg32.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2008-11-19 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-01-09 149280]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\ElCrotchoGrande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-5-6 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
NETGEAR WPN311 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WPN311\wlancfg5.exe [2007-4-10 1695744]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 vcdrom;Virtual CD-ROM Device Driver;h:\xpvirtual\VCdRom.sys

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 27648]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys

R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 32888]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 800624]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 22:25]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 22:25]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155346411-3799496798-2464146646-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 16:10]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155346411-3799496798-2464146646-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-16 16:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-21 2184520]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 1114992]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: uta.edu\www
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn01outside.uta.edu/CACHE/stc/8/binaries/vpnweb.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u6esfx2d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: ZoneAlarm Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="avifile"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PhotoSnapViewer.exe"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\VCdControlTool.exe"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4a"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\VCDMount.exe"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mov"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp3"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp4"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2155346411-3799496798-2464146646-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2011-07-06  22:08:31 - machine was rebooted
ComboFix-quarantined-files.txt  2011-07-07 03:08
ComboFix2.txt  2011-07-04 07:17
.
Pre-Run: 264,395,669,504 bytes free
Post-Run: 264,338,587,648 bytes free
.
Current=6 Default=6 Failed=92 LastKnownGood=3 Sets=1,2,3,6,7,92
- - End Of File - - 6E299F927FEB4C71E936603327FD3F9A



SuperDave

Re: Malware
« Reply #8 on: July 07, 2011, 04:40:21 PM »
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************************
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, tell me how your computer is running now
Windows 8 and Windows 10 dual boot with two SSD's

mpalmerbio

Re: Malware
« Reply #9 on: July 07, 2011, 07:54:20 PM »
 Results of screen317's Security Check version 0.99.7 
 Windows Vista  (UAC is disabled!)
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled! 
 McAfee Security Scan Plus   
 ZoneAlarm     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 HijackThis 2.0.2   
 Java(TM) 6 Update 17 
 Java(TM) 6 Update 7 
 Java(TM) SE Development Kit 6 Update 17
 Out of date Java installed!
 Adobe Flash Player 10.1.102.64 
Adobe Reader 8.1.3
Adobe Reader X (10.1.0)
 Mozilla Firefox (3.0.19) Firefox Out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Zone Labs ZoneAlarm zlclient.exe 
``````````End of Log````````````


Looks great!!!

SuperDave

Re: Malware
« Reply #10 on: July 08, 2011, 04:31:48 PM »
Your SP for Vista is out-of-date. Please get your updates from MS.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Were you able to run the Sophos AntiRootKit scanner? I don't see the log.
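As an added illustration (this is example code, not something SuperDave posted and not part of Security Check, JavaRa or ComboFix), the following read-only PowerShell audit checks the three findings the thread flagged: UAC off (the ComboFix log showed "EnableLUA"= 0 under Policies\System), Windows Firewall disabled, and several Java runtimes installed side by side. The minimum Java version is an assumed placeholder, not a value from the thread.

```powershell
# Added example, not from the thread. Read-only: it reports, it changes nothing.
# Run from an elevated PowerShell prompt on the machine being checked.

# Assumption: anything older than this counts as out of date. Placeholder only;
# substitute the current release when you run it.
$MinimumJavaVersion = [version]'6.0.260'

function Test-UacEnabled {
    # Same key the ComboFix log listed; EnableLUA = 1 means UAC is on, 0 means off.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $item = Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue
    return ($item -ne $null -and $item.EnableLUA -eq 1)
}

function Get-FirewallProfileState {
    # netsh works from Vista onward; Get-NetFirewallProfile only exists on Windows 8+.
    $lines = netsh advfirewall show allprofiles state
    $state = @{}
    $current = $null
    foreach ($line in $lines) {
        if ($line -match '^(\S+) Profile Settings:') {
            $current = $Matches[1]            # Domain, Private or Public
        } elseif ($current -and $line -match '^State\s+(\w+)') {
            $state[$current] = $Matches[1]    # ON or OFF
        }
    }
    return $state
}

function Get-InstalledJava {
    # On x64 Windows, 32-bit Java registers under Wow6432Node (as the log's Run key
    # did) and 64-bit Java under the native hive, so both must be read to see every
    # copy, which is how Update 7 and Update 17 can coexist as Security Check showed.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

function ConvertTo-JavaVersion([string]$displayVersion) {
    # Java 6 Update 17 registers as "6.0.170"; normalise to [version] for comparison.
    try { return [version]$displayVersion } catch { return $null }
}

# ---- report ----
if (Test-UacEnabled) { 'UAC: enabled' } else { 'UAC: DISABLED (EnableLUA is not 1)' }

$fw = Get-FirewallProfileState
foreach ($profileName in $fw.Keys) {
    "Firewall $profileName profile: $($fw[$profileName])"
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) { 'Java: no runtime registered' }
foreach ($j in $java) {
    $v = ConvertTo-JavaVersion $j.DisplayVersion
    $flag = if ($v -and $v -lt $MinimumJavaVersion) { 'OUT OF DATE' } else { 'ok' }
    "Java: $($j.DisplayName) $($j.DisplayVersion) -> $flag"
}
if ($java.Count -gt 1) {
    'More than one Java runtime is registered; remove the older ones as advised above.'
}
```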

mpalmerbio

Re: Malware
« Reply #11 on: July 24, 2011, 11:11:07 PM »
Hello,

There was no log- the program kept crashing. I will follow your further recommendations this week.


SuperDave

Re: Malware
« Reply #12 on: July 25, 2011, 01:34:55 PM »
Ok. Please try this one.

Please download Rooter and Save it to your desktop.
  • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.