Author Topic: Win32 MB Rootkit from XP Antispyware Virus (Read 30338 times)

strangerinchi · « **on:** December 13, 2011, 01:42:30 PM »

I don't know how but I was infected with XP Anti Spyware 2012 rogue software from what i think may have been an unsafe video streaming site. Well I deleted the main file of the software (gix.exe) from Application Data and I thought that had gotten rid of the virus, but afterwards the system slowly started getting slower and slower. Well the other day I discovered another part of the virus (YontooIEClient.dll) in the Program Files folder. I also found Win32/OpenCandy....Both were trojans. But even deleting that didn't cure the problem right away. Then I updated Spybot S&D and scanned with that and I found 87 entries infected, with at least 5-6 Trojans (Virtumonde.atr, Bredolab.fb, Win32.Adload.r, Fraud.Sysguard, Win32.TDSS.rtk and found two jobs, avwcbqig.job and ncszelwk.job running in the Tasks folder and 2 files in the sys32 folder; UACrkqwnsmsowbtdbo.log, tmp.log).
And I deleted all of the entries. For a while, the system seemed fine and then gradually, but quickly it became slow AGAIN and soon I was not able to log in properly as it froze at the desktop. I'm just wondering how to get rid of any replicating viruses for GOOD without having the pc serviced. I'm scanning with ESET at the moment and it's picking up more things (like OpenCandy trojan). What should I do? I do not have the funds at the moment. Thanks; your help is very much appreciated.

SuperDave · « **Reply #1 on:** December 13, 2011, 04:29:18 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
**********************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

strangerinchi · « **Reply #2 on:** December 13, 2011, 06:15:22 PM »

Hi here are the logs for DDS and ATTACH scans, MBAM and Super Anti-Spyware scans coming soon, thank you for your help!

===========================================================

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Run by Compaq_Administrator at 1:12:57 on 2011-12-12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1648 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Shop to Win 4: {91917dc6-93b9-4e62-b2d6-d39c9618c418} - c:\program files\shop to win 4\ShoppingBHO.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
EB: AT&&T Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
uRun: [Google Update] "c:\documents and settings\compaq_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\autoru~1\antima~1.lnk - c:\documents and settings\compaq_administrator\application data\dbf4505d2e0503b99dd8e1d3dbbbd72d\sorttp700.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\Orbit.lnk -
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Search - ?s=100000343&p=ZKfox000&si=&a=IXJ3gQpP4lGqxluXrfxKog&n=2010040213
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: babynamescentral.com\www
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5D534568-0898-4523-AE18-DE2497E58463} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: khfgebc - khfgebc.dll
STS: tokatiluy: {8b565bf9-8198-495f-ba43-b3e6976c87cd} - c:\windows\system32\gebojele.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\gebcd.dll
LSA: Notification Packages = scecli o f o n o . d l l nilofono.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aol.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom .dll
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extentions.y2layers.installId - d65cc208-117e-45b6-86db-0136932a65c1
FF - user.js: extentions.y2layers.defaultEnableAppsLi st - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloade r,
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-11 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-11 314456]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-11 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-11 44768]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-10 1174664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-12-12 07:08:04 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-12-12 05:03:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-11 20:32:27 -------- d-----w- c:\documents and settings\compaq_administrator\application data\AVG2012
2011-12-11 20:26:12 -------- d-----w- c:\documents and settings\compaq_administrator\application data\AVG Secure Search
2011-12-11 20:25:58 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-11 20:25:51 -------- d-----w- c:\program files\AVG Secure Search
2011-12-11 20:25:39 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-12-11 20:23:40 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-11 20:23:40 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-12-11 20:22:47 -------- d-----w- c:\program files\AVG
2011-12-11 20:01:58 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-12-11 19:32:51 -------- d-----w- C:\a39014efedd8604e4c25e763
2011-12-11 19:06:14 -------- d-----w- c:\program files\common files\PC Tools
2011-12-11 19:03:04 -------- d-----w- c:\documents and settings\compaq_administrator\application data\TestApp
2011-12-11 18:19:38 -------- d-----w- c:\program files\Conduit
2011-12-11 18:19:37 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\midicairUSA
2011-12-11 18:19:37 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Conduit
2011-12-11 18:19:35 -------- d-----w- c:\program files\midicairUSA
2011-12-11 17:35:47 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\NPE
2011-12-11 17:35:47 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-12-11 13:32:26 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-12-11 13:10:52 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-12-11 12:53:19 27648 ----a-w- c:\windows\system32\dllcache\cyzports.dll
2011-12-11 12:46:19 22044 ----a-w- c:\windows\system32\dllcache\cem33n5.sys
2011-12-11 11:45:13 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-11 11:44:59 41184 ----a-w- c:\windows\avastSS.scr
2011-12-11 11:44:47 -------- d-----w- c:\program files\AVAST Software
2011-12-11 11:44:47 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-12-11 09:03:38 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-11 09:03:37 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-11 09:02:48 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-12-11 07:31:21 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-12-10 09:47:44 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-12-10 06:10:38 -------- d-----w- c:\program files\common files\McAfee
2011-12-04 16:46:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-04 16:46:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-04 16:45:35 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Solid State Networks
2011-12-04 14:23:53 -------- d-----w- c:\program files\McAfee
2011-12-01 06:09:42 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2011-12-01 06:09:38 -------- d-----w- c:\program files\McAfee Security Scan
2011-11-16 07:36:33 -------- d-----w- c:\documents and settings\compaq_administrator\application data\QuickScan
2011-11-16 05:36:45 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-10-07 12:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 12:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 1:13:34.32 ===============
----------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/5/2007 10:26:22 PM
System Uptime: 12/11/2011 9:07:53 PM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAOS
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2 | 2204/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 83.6 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.539 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: LITE-ON DVDRW SHM-165H6S
PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe InDesign CS5
Adobe Media Player
Adobe Reader 8.1.1
AIM 7
Aiprosoft iPod Touch Video Converter
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL Messaging Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AT&T Self Support Tool
AT&T Yahoo! Applications
Audacity 1.2.6
avast! Free Antivirus
AVG 2012
Bonjour
BroadJump Client Foundation
BufferChm
CA Yahoo! Anti-Spy (remove only)
CCleaner (remove only)
CCScore
Compaq Connections (remove only)
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Dogpile Bundle Toolbar
Download Updater (AOL LLC)
Easy Internet Sign-up
Entropia Universe
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fast Browser Search for Firefox (My Web Tattoo)
fflink
FullDPAppQFolder
GemMaster Mystic
GIMP 2.6.8
Google Chrome
High Definition Audio Driver Package - KB888111
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet 3840
HP DVD Play 2.1
HP Games 3.43.97
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
iDump (Backing up your iPod)
ImageRescue3
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LightScribe 1.4.105.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Manga Studio Debut 4.0
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
midicairUSA Toolbar
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My HP Games
MyIdentityDefender Toolbar (CyberDefender Corporation)
netbrdg
Netscape Browser (remove only)
NTI Backup Now EZ
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OfotoXMI
OptionalContentQFolder
Orbit Downloader
Otto
PC-Doctor 5 for Windows
PC Fix Speed 1.0.0.0
PCSafeDoctor
PDF Settings CS5
PhotoGallery
Play Pickle
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
RCA Detective™ 3.0.0.101
RCA easyRip 2.4.6.0
RCA Updater 2.0.0.0
Realtek High Definition Audio Driver
Rhapsody
SecondLifeViewer2 (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
SFR
SHASTA
Shop to Win 4
skin0001
SkinsHP1
SKINXSDK
Skype Click to Call
Skype™ 5.5
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
staticcr
Symantec KB-DocID:2003093015493306
The Rosetta Stone
The Weather Channel Desktop 6
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Format SDK (KB902344)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoSpirit Pro 1.72
VoiceOver Kit
VPRINTOL
WeatherBug
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
WIRELESS
Xvid 1.2.1 final uninstall
Yahoo! Search Protection
Yahoo! Search Suggest Add-on for IE7
Yahoo! Software Update
Yontoo 1.10.02
Zoosk Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/7/2011 9:01:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
12/7/2011 8:01:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
12/7/2011 7:01:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
12/7/2011 6:01:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
12/7/2011 5:01:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
12/7/2011 4:01:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
12/7/2011 3:01:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
12/7/2011 2:01:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
12/7/2011 12:01:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/7/2011 12:01:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
12/7/2011 11:01:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
12/7/2011 10:01:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/7/2011 1:01:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
12/7/2011 1:01:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
12/6/2011 9:01:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
12/6/2011 8:01:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/6/2011 7:01:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
12/6/2011 6:01:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/6/2011 5:01:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
12/6/2011 4:01:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/6/2011 3:01:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
12/6/2011 2:01:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/6/2011 11:01:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/6/2011 10:01:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/11/2011 8:50:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
12/11/2011 8:13:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/11/2011 6:04:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/11/2011 5:45:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/11/2011 5:21:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/11/2011 3:39:22 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2011 2:49:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips
12/11/2011 2:42:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Fips
12/11/2011 12:14:38 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/11/2011 12:13:25 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/11/2011 12:11:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips
12/11/2011 12:03:45 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/11/2011 12:00:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
12/11/2011 12:00:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSP aswTdi Fips
12/11/2011 11:58:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IntelIde IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip ViaIde
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NTI BackupNowEZSvr service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The Symantec Core LC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The NTI BackupNowEZSvr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 1:46:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde ViaIde
12/10/2011 11:58:53 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/10/2011 11:50:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:49:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/10/2011 11:49:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/10/2011 11:49:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/10/2011 11:47:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
.
==== End Of File ===========================

ATTACH.TXT LOG
----------------------------------------------------------------------------------------------
==========================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/5/2007 10:26:22 PM
System Uptime: 12/11/2011 9:07:53 PM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAOS
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2 | 2204/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 83.6 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.539 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: LITE-ON DVDRW SHM-165H6S
PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe InDesign CS5
Adobe Media Player
Adobe Reader 8.1.1
AIM 7
Aiprosoft iPod Touch Video Converter
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL Messaging Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AT&T Self Support Tool
AT&T Yahoo! Applications
Audacity 1.2.6
avast! Free Antivirus
AVG 2012
Bonjour
BroadJump Client Foundation
BufferChm
CA Yahoo! Anti-Spy (remove only)
CCleaner (remove only)
CCScore
Compaq Connections (remove only)
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Dogpile Bundle Toolbar
Download Updater (AOL LLC)
Easy Internet Sign-up
Entropia Universe
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fast Browser Search for Firefox (My Web Tattoo)
fflink
FullDPAppQFolder
GemMaster Mystic
GIMP 2.6.8
Google Chrome
High Definition Audio Driver Package - KB888111
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet 3840
HP DVD Play 2.1
HP Games 3.43.97
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
iDump (Backing up your iPod)
ImageRescue3
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LightScribe 1.4.105.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Manga Studio Debut 4.0
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
midicairUSA Toolbar
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My HP Games
MyIdentityDefender Toolbar (CyberDefender Corporation)
netbrdg
Netscape Browser (remove only)
NTI Backup Now EZ
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OfotoXMI
OptionalContentQFolder
Orbit Downloader
Otto
PC-Doctor 5 for Windows
PC Fix Speed 1.0.0.0
PCSafeDoctor
PDF Settings CS5
PhotoGallery
Play Pickle
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
RCA Detective™ 3.0.0.101
RCA easyRip 2.4.6.0
RCA Updater 2.0.0.0
Realtek High Definition Audio Driver
Rhapsody
SecondLifeViewer2 (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Se

strangerinchi · « **Reply #3 on:** December 13, 2011, 08:10:16 PM »

Okay, I made a mistake, please forgive me. I don't know how to edit my post....I posted old logs from the other day and not in the order as follows. Currently I am scanning with Super Anti-Spyware and I will post that when the scan finishes. Thanks, again.

strangerinchi · « **Reply #4 on:** December 14, 2011, 01:00:19 AM »

Hi again. Here is my SAS log. I scanned and thought I found 103 trojans...I think most of those were false negatives and the wrong files because when I went to regular mode my pc still froze within startup. MBAM, new DDS and GMER logs soon to follow....

======================================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/14/2011 at 01:17 AM

Application Version : 5.0.1136

Core Rules Database Version : 8049
Trace Rules Database Version: 5861

Scan type : Complete Scan
Total Scan Time : 03:09:51

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 352
Memory threats detected : 0
Registry items scanned : 39078
Registry threats detected : 9
File items scanned : 273379
File threats detected : 1901

Adware.MyWebSearch/FunWebProducts
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc
   ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH118.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/2.BIN/F3PSSAVR.SCR
   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH118.ZIP
   ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH66.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/2.BIN/F3PSSAVR.SCR
   C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH66.ZIP

Adware.Gamevance
   C:\Program Files\PLAY PICKLE\ars.cfg
   C:\Program Files\PLAY PICKLE\icon.ico
   C:\Program Files\PLAY PICKLE
   C:\Program Files\Gamevance Games\ars.cfg
   C:\Program Files\Gamevance Games

Adware.Tracking Cookie
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt [ /advertising ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /ar.atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /at.atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[1].txt [ /atdmt ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atwola[1].txt [ /atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /c.atdmt ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /cdn.at.atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt [ /doubleclick ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@imrworldwide[2].txt [ /imrworldwide ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@invitemedia[2].txt [ /invitemedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media6degrees[2].txt [ /media6degrees ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt [ /questionmarket ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@stopzilla[1].txt [ /stopzilla ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /tacoda.at.atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /www.stopzilla ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@247realmedia[1].txt [ /247realmedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@2o7[2].txt [ /2o7 ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /a1.interclick ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /ad.360yield ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@adbrite[2].txt [ /adbrite ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@adlegend[2].txt [ /adlegend ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@admarketplace[1].txt [ /admarketplace ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /ads.adk2 ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /ads.bighealthtree ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /ads.blogtalkradio ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /ads.creafi ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /ads.footar ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /ads.gamersmedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /ads.lycos ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /ads.pointroll ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /ads.pubmatic ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /ads.undertone ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /ads2.zeusclicks ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /adserver.adtechus ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /adserver.hardsextube ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /adserving.ezanga ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@adtech[1].txt [ /adtech ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /adup.rotator.hadj7.adjuggler ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@advertise[1].txt [ /advertise ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@advertising[2].txt [ /advertising ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@adxpose[1].txt [ /adxpose ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /aimfar.solution.weborama ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /akamai.interclickproxy ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /ar.atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /at.atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@atdmt[2].txt [ /atdmt ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@atwola[1].txt [ /atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /banners.fuckbookhookups ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@brandspotmedia[1].txt [ /brandspotmedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /bridge2.admarketplace ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /c.gigcount ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /cdn.jemamedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@collective-media[2].txt [ /collective-media ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /content.yieldmanager ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@crackle[2].txt [ /crackle ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@eclickz[2].txt [ /eclickz ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@enhance[2].txt [ /enhance ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@entrepreneur[1].txt [ /entrepreneur ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@ero-advertising[1].txt [ /ero-advertising ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /filter.plusfind ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@getclicky[1].txt [ /getclicky ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@ghmedia[1].txt [ /ghmedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@goodcholesterolcount[2].txt [ /goodcholesterolcount ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@hardsextube[1].txt [ /hardsextube ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@harrenmedianetwork[1].txt [ /harrenmedianetwork ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@histats[1].txt [ /histats ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@histats[2].txt [ /histats ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@imrworldwide[2].txt [ /imrworldwide ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /in.getclicky ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@indieclick[1].txt [ /indieclick ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@insightexpressai[2].txt [ /insightexpressai ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@interclick[1].txt [ /interclick ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@invitemedia[1].txt [ /invitemedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@legolas-media[1].txt [ /legolas-media ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@lfstmedia[1].txt [ /lfstmedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@lucidmedia[1].txt [ /lucidmedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /madethecut.112.2o7 ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /media.adfrontiers ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@media6degrees[1].txt [ /media6degrees ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /mediaservices-d.openxenterprise ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /miva.cinomedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /mm.chitika ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@myroitracking[1].txt [ /myroitracking ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /optimize.indieclick ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@pointroll[1].txt [ /pointroll ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@pornhub[1].txt [ /pornhub ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@pro-market[1].txt [ /pro-market ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@questionmarket[2].txt [ /questionmarket ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /r1-ads.ace.advertising ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@realmedia[2].txt [ /realmedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@revsci[2].txt [ /revsci ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /rotator.adjuggler ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@ru4[2].txt [ /ru4 ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /server.cpmstar ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@serving-sys[2].txt [ /serving-sys ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@specificclick[1].txt [ /specificclick ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /static.getclicky ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt [ /tacoda.at.atwola ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@technoratimedia[2].txt [ /technoratimedia ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@traffichaus[1].txt [ /traffichaus ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@trafficmp[2].txt [ /trafficmp ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@traveladvertising[2].txt [ /traveladvertising ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@tribalfusion[2].txt [ /tribalfusion ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@uiadserver[1].txt [ /uiadserver ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /view.atdmt ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@weborama[1].txt [ /weborama ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /www.pornhub ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@yieldmanager[1].txt [ /yieldmanager ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt [ /youngbucks.rotator.hadj7.adjuggler ]
   C:\Documents and Settings\Compaq_Administrator\Cookies\system@googleads6[1].txt [ /googleads6.in ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@atwola[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@advertising[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\Cookies\compaq_administrator@adsonar[2].txt [ Cookie:[email protected]/adserving ]
   C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\Cookies\compaq_administrator@clkads[3].txt [ Cookie:[email protected]/adServe/banners/ ]
   C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\Cookies\compaq_administrator@clkads[2].txt [ Cookie:[email protected]/adServe/banners ]
   C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\Cookies\system@adsonar[3].txt [ Cookie:[email protected]/adserving ]
   C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\Cookies\system@bluesearchsite[1].txt [ Cookie:[email protected]/click/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@imrworldwide[2].txt [ Cookie:[email protected]/cgi-bin ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@ru4[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@fastclick[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@geltmedia[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@pointroll[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@myroitracking[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@media6degrees[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@revsci[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@goclicker[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@atdmt[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adsonar[3].txt [ Cookie:[email protected]/adserving ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@doubleclick[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@lucidmedia[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][3].txt [ Cookie:[email protected]/advertisement/includes/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@getclicky[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@trafficmp[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@collective-media[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@clickkick[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@amazon-adsystem[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@realmedia[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@lfstmedia[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@uiadserver[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@find-education-courses[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@burstnet[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@histats[2].txt [ Cookie:[email protected]/stats/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adbrite[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@yieldmanager[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@apmebf[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adxpose[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@advertise[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@crackle[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@boom-find[1].txt [ Cookie:[email protected]/click/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@pro-market[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@sadsearch[1].txt [ Cookie:[email protected]/click/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@entrepreneur[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@bizzclick[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@casalemedia[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@questionmarket[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@tribalfusion[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@statcounter[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@247realmedia[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@clicksor[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@histats[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@advertising[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@citygridmedia[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@cherrysearch[1].txt [ Cookie:[email protected]/click/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/pagead/conversion/977140604/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@localfindstuff[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@micklemedia[2].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@come-find[1].txt [ Cookie:[email protected]/click/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@perfectsearchengines[1].txt [ Cookie:[email protected]/click/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adtech[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@findology[1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
   cdn.insights.gravity.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S28KVEUR ]
   macromedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S28KVEUR ]
   s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S28KVEUR ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adinterax.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adinterax.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .inspiremediagrouponline.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .inspiremediagrouponline.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .fastclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .fastclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .mediabrandsww.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .solvemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .solvemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   www.burstbeacon.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ru4.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ads.react2media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ads.react2media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ads.react2media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .apmebf.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adxpose.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .anrtx.tacoda.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .fastclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .kontera.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .xiti.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   .eset.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
   a.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   a.media.abcfamily.go.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   acvs.mediaonenetwork.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   adbureau.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   adservr21.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   broadcast.piximedia.fr [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn.complexmedianetwork.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn.insights.gravity.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn.media.abc.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn.media.abcfamily.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn.media.theview.tv [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn1.static.pornhub.phncdn.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn4.specificclick.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cdn5.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   chicagoradioandmedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   cloudfront.mediamatters.org [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   content.oddcast.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   content.yieldmanager.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   convoad.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   convoad.technoratimedia.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   crackle.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   ds.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   ec.atdmt.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   i.*adult URL* [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   ictv-ic-ec.indieclicktv.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   indieclick.3janecdn.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   interclick.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   konac.kontera.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   macromedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media-macys.pictela.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.entertonement.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.heavy.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.ign.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.kmov.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.kyte.tv [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.mgnetwork.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.movieweb.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.nbcchicago.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.nbcdfw.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.nbclosangeles.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.nbcnewyork.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.onsugar.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.oprah.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.perthnow.com.au [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.resulthost.org [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.socialvibe.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.tattomedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.thewb.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.wcnc.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media.zenfs.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media01.kyte.tv [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media1.break.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   media1.nfb.ca [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   mediaplex.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   mediaservice.mirror-image.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   mediastore.verizonwireless.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   naiadsystems.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   oddcast.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   piximedia.fr [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   richmedia247.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   rmd.atdmt.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   secure-uk.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   service.twistage.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   serving-sys.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   sftrack.searchforce.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   spe.atdmt.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   stat.easydate.biz [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   stat.radioblogclub.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   static.2mdn.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   static.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   static.xxxmatch.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   thebigpornsecret.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   udn.specificclick.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   videos.mediaite.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   www.malepornstarsexposed.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   www.naiadsystems.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   www.pornhub.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   www.redorbit.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   www.soundclick.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   www.teennick.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   yieldmanager.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
   .atdmt.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .pointroll.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .interclick.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .revsci.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   wstat.wibiya.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .adinterax.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .advertising.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .ru4.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   counters.gigya.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .adxpose.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .realmedia.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UQJFIRVE.DEFAULT\COOKIES.SQLITE ]
   .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MOZILLA\F

strangerinchi · « **Reply #5 on:** December 14, 2011, 02:15:26 AM »

Here is my MBAM log...no results from the full scan of C: and D: drives:

=========================================================

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

12/14/2011 3:13:50 AM
mbam-log-2011-12-14 (03-13-50).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 437967
Time elapsed: 1 hour(s), 18 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

strangerinchi · « **Reply #6 on:** December 14, 2011, 02:28:11 AM »

DDS and ATTACH logs
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Run by Compaq_Administrator at 3:20:52 on 2011-12-14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1221 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Shop to Win 4: {91917dc6-93b9-4e62-b2d6-d39c9618c418} - c:\program files\shop to win 4\ShoppingBHO.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
EB: AT&&T Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
uRun: [Google Update] "c:\documents and settings\compaq_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [pcsafedoctor.exe] c:\program files\pcsafedoctor\pcsafedoctor.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\autoru~1\antima~1.lnk - c:\documents and settings\compaq_administrator\application data\dbf4505d2e0503b99dd8e1d3dbbbd72d\sorttp700.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\Orbit.lnk -
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Search - ?s=100000343&p=ZKfox000&si=&a=IXJ3gQpP4lGqxluXrfxKog&n=2010040213
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: babynamescentral.com\www
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5D534568-0898-4523-AE18-DE2497E58463} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: khfgebc - khfgebc.dll
STS: tokatiluy: {8b565bf9-8198-495f-ba43-b3e6976c87cd} - c:\windows\system32\gebojele.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\gebcd.dll
LSA: Notification Packages = scecli o f o n o . d l l nilofono.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aol.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extentions.y2layers.installId - d65cc208-117e-45b6-86db-0136932a65c1
FF - user.js: extentions.y2layers.defaultEnableAppsLi st - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-12-12 28552]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-11 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-11 314456]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-11 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-11 44768]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-10 1174664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2011-12-12 34736]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-12-13 02:10:40   34736   ----a-w-   c:\windows\system32\drivers\RKHit.sys
2011-12-13 01:52:30   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2011-12-13 01:52:17   --------   d-----w-   c:\windows\LastGood.Tmp
2011-12-13 01:50:46   --------   d-----w-   c:\program files\Panda Security
2011-12-12 07:08:04   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
2011-12-12 05:03:43   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-11 20:32:27   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\AVG2012
2011-12-11 20:26:12   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\AVG Secure Search
2011-12-11 20:25:58   --------   d-----w-   c:\program files\common files\AVG Secure Search
2011-12-11 20:25:51   --------   d-----w-   c:\program files\AVG Secure Search
2011-12-11 20:25:39   --------   d--h--w-   c:\documents and settings\all users\application data\Common Files
2011-12-11 20:23:40   --------   d-----w-   c:\windows\system32\drivers\AVG
2011-12-11 20:23:40   --------   d-----w-   c:\documents and settings\all users\application data\AVG2012
2011-12-11 20:22:47   --------   d-----w-   c:\program files\AVG
2011-12-11 20:01:58   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
2011-12-11 19:32:51   --------   d-----w-   C:\a39014efedd8604e4c25e763
2011-12-11 19:06:14   --------   d-----w-   c:\program files\common files\PC Tools
2011-12-11 19:03:04   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\TestApp
2011-12-11 18:19:38   --------   d-----w-   c:\program files\Conduit
2011-12-11 18:19:37   --------   d-----w-   c:\documents and settings\compaq_administrator\local settings\application data\midicairUSA
2011-12-11 18:19:37   --------   d-----w-   c:\documents and settings\compaq_administrator\local settings\application data\Conduit
2011-12-11 18:19:35   --------   d-----w-   c:\program files\midicairUSA
2011-12-11 17:35:47   --------   d-----w-   c:\documents and settings\compaq_administrator\local settings\application data\NPE
2011-12-11 17:35:47   --------   d-----w-   c:\documents and settings\all users\application data\Norton
2011-12-11 13:32:26   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
2011-12-11 13:10:52   154496   ----a-w-   c:\windows\system32\dllcache\icam4usb.sys
2011-12-11 12:53:19   27648   ----a-w-   c:\windows\system32\dllcache\cyzports.dll
2011-12-11 12:46:19   22044   ----a-w-   c:\windows\system32\dllcache\cem33n5.sys
2011-12-11 11:45:13   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-12-11 11:44:59   41184   ----a-w-   c:\windows\avastSS.scr
2011-12-11 11:44:47   --------   d-----w-   c:\program files\AVAST Software
2011-12-11 11:44:47   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
2011-12-11 09:03:38   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2011-12-11 09:03:37   --------   d-----w-   c:\program files\Hitman Pro 3.5
2011-12-11 09:02:48   --------   d-----w-   c:\documents and settings\all users\application data\Hitman Pro
2011-12-11 07:31:21   --------   d-----w-   c:\documents and settings\all users\application data\PC Tools
2011-12-10 09:47:44   --------   d-----w-   c:\documents and settings\all users\application data\Tarma Installer
2011-12-10 06:10:38   --------   d-----w-   c:\program files\common files\McAfee
2011-12-04 16:46:11   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2011-12-04 16:46:11   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-12-04 16:45:35   --------   d-----w-   c:\documents and settings\compaq_administrator\local settings\application data\Solid State Networks
2011-12-04 14:23:53   --------   d-----w-   c:\program files\McAfee
2011-12-01 06:09:42   --------   d-----w-   c:\documents and settings\all users\application data\McAfee Security Scan
2011-12-01 06:09:38   --------   d-----w-   c:\program files\McAfee Security Scan
2011-11-16 07:36:33   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\QuickScan
2011-11-16 05:36:45   --------   d-----w-   c:\program files\ESET
.
==================== Find3M ====================
.
2011-10-07 12:23:48   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21:42   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
.
============= FINISH: 3:21:39.76 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/5/2007 10:26:22 PM
System Uptime: 12/14/2011 1:45:25 AM (2 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAOS
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2 | 2204/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 83.886 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.539 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: LITE-ON DVDRW SHM-165H6S
PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe InDesign CS5
Adobe Media Player
Adobe Reader 8.1.1
AIM 7
Aiprosoft iPod Touch Video Converter
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL Messaging Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AT&T Self Support Tool
AT&T Yahoo! Applications
Audacity 1.2.6
avast! Free Antivirus
AVG 2012
Bonjour
BroadJump Client Foundation
BufferChm
CA Yahoo! Anti-Spy (remove only)
CCleaner (remove only)
CCScore
Compaq Connections (remove only)
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Dogpile Bundle Toolbar
Download Updater (AOL LLC)
Easy Internet Sign-up
Entropia Universe
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fast Browser Search for Firefox (My Web Tattoo)
fflink
FullDPAppQFolder
GemMaster Mystic
GIMP 2.6.8
Google Chrome
High Definition Audio Driver Package - KB888111
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet 3840
HP DVD Play 2.1
HP Games 3.43.97
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
iDump (Backing up your iPod)
ImageRescue3
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LightScribe 1.4.105.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Manga Studio Debut 4.0
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
midicairUSA Toolbar
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My HP Games
MyIdentityDefender Toolbar (CyberDefender Corporation)
netbrdg
Netscape Browser (remove only)
NTI Backup Now EZ
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OfotoXMI
OptionalContentQFolder
Orbit Downloader
Otto
Panda ActiveScan 2.0
PC-Doctor 5 for Windows
PC Fix Speed 1.0.0.0
PCSafeDoctor
PDF Settings CS5
PhotoGallery
Play Pickle
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
RCA Detective™ 3.0.0.101
RCA easyRip 2.4.6.0
RCA Updater 2.0.0.0
Realtek High Definition Audio Driver
Rhapsody
SecondLifeViewer2 (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
SFR
SHASTA
Shop to Win 4
skin0001
SkinsHP1
SKINXSDK
Skype Click to Call
Skype™ 5.5
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware
Symantec KB-DocID:2003093015493306
The Rosetta Stone
The Weather Channel Desktop 6
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Format SDK (KB902344)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoSpirit Pro 1.72
VoiceOver Kit
VPRINTOL
WeatherBug
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
WIRELESS
Xvid 1.2.1 final uninstall
Yahoo! Search Protection
Yahoo! Search Suggest Add-on for IE7
Yahoo! Software Update
Yontoo 1.10.02
Zoosk Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/9/2011 9:01:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
12/9/2011 8:01:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
12/9/2011 7:01:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
12/9/2011 6:01:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
12/9/2011 5:01:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
12/9/2011 4:01:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
12/9/2011 3:01:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
12/9/2011 2:01:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
12/9/2011 12:01:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
12/9/2011 11:01:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
12/9/2011 10:01:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/9/2011 1:01:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
12/8/2011 9:01:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
12/8/2011 8:01:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/8/2011 7:01:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
12/8/2011 6:00:59 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/8/2011 5:01:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
12/8/2011 4:01:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/8/2011 3:01:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
12/8/2011 2:01:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/8/2011 12:01:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/8/2011 11:01:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/8/2011 10:01:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/8/2011 1:01:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
12/13/2011 9:29:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips SASDIFSV SASKUTIL
12/13/2011 6:51:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/11/2011 8:50:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
12/11/2011 8:13:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/11/2011 6:04:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/11/2011 5:45:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/11/2011 5:21:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/11/2011 3:39:22 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2011 2:49:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips
12/11/2011 2:42:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Fips
12/11/2011 12:14:38 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/11/2011 12:13:25 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/11/2011 12:11:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips
12/11/2011 12:03:45 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/11/2011 12:00:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
12/11/2011 12:00:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSP aswTdi Fips
12/11/2011 11:58:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IntelIde IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip ViaIde
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NTI BackupNowEZSvr service to connect.
12/11/2011 11:55:30 AM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The Symantec Core LC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The NTI BackupNowEZSvr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2011 1:46:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde ViaIde
12/10/2011 11:58:53 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/10/2011 11:50:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2011 11:49:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/10/2011 11:49:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/10/2011 11:49:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/10/2011 11:47:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
.
==== End Of File ===========================

SuperDave · « **Reply #7 on:** December 14, 2011, 12:13:39 PM »

I strongly recommend that you remove Ask from your computer because it;

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

•AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
********************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************************
Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]

:OTL

uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: 
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
Trusted Zone: babynamescentral.com\www
Trusted Zone: trymedia.com

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***********************************************************
Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you want to use Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

strangerinchi · « **Reply #8 on:** December 14, 2011, 01:18:36 PM »

Hi, again! Here is the OTL log:

========== OTL ==========
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12142011_141618

strangerinchi · « **Reply #9 on:** December 14, 2011, 01:19:43 PM »

Java got rid of all the older versions but mentioned a file was missing and then closed.
Moving on to downloading Combofix.exe.

strangerinchi · « **Reply #10 on:** December 14, 2011, 02:26:24 PM »

Woww!! I think my system is no longer infected! And I noticed while scanning combofix told me there was a rootkit in the TCP/IP and if there was problems with internet to run the program again, and I forgot to mention that when I was infected, I had ping.exe popping up a lot in task manager processes! Anyway, Here is the combofix log. Everything is running smoothly! I appreciate your help so much, SuperDave!!! =DDDDDD <333

ComboFix 11-12-13.03 - Compaq_Administrator 12/14/2011 14:55:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1584 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Administrator\Application Data\Adobe\plugs
c:\documents and settings\Compaq_Administrator\Application Data\Adobe\shed
c:\documents and settings\Compaq_Administrator\My Documents\iexplore.exe
c:\documents and settings\Compaq_Administrator\Recent\Thumbs.db
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\Blinkx
c:\program files\Blinkx\templates\index.html
c:\program files\Blinkx\templates\noflash.html
c:\program files\Blinkx\templates\offline.html
c:\program files\Blinkx\templates\offline.swf
c:\program files\Shop to Win 4\ShOPpingbho.dll
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\2941417489
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\CSC\d6
c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\vMW02a
D:\Autorun.inf
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\system32\dllcache\proquota.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 21:07 . 2004-08-09 21:00   50176   ----a-w-   c:\windows\system32\proquota.exe
2011-12-14 21:07 . 2004-08-09 21:00   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
2011-12-14 20:16 . 2011-12-14 20:16   --------   d-----w-   C:\_OTL
2011-12-13 01:52 . 2009-06-30 16:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
2011-12-13 01:50 . 2011-12-13 01:50   --------   d-----w-   c:\program files\Panda Security
2011-12-12 07:08 . 2011-12-12 07:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2011-12-11 20:32 . 2011-12-11 20:32   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG2012
2011-12-11 20:26 . 2011-12-11 20:26   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG Secure Search
2011-12-11 20:25 . 2011-12-11 20:25   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
2011-12-11 20:25 . 2011-12-11 20:26   --------   d-----w-   c:\program files\AVG Secure Search
2011-12-11 20:25 . 2011-12-11 20:25   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2011-12-11 20:23 . 2011-12-11 20:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG2012
2011-12-11 20:23 . 2011-12-11 20:24   --------   d-----w-   c:\windows\system32\drivers\AVG
2011-12-11 20:22 . 2011-12-11 20:22   --------   d-----w-   c:\program files\AVG
2011-12-11 20:01 . 2011-12-11 20:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
2011-12-11 19:32 . 2011-12-11 19:34   --------   d-----w-   C:\a39014efedd8604e4c25e763
2011-12-11 19:06 . 2011-12-11 20:33   --------   d-----w-   c:\program files\Common Files\PC Tools
2011-12-11 19:03 . 2011-12-11 19:03   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\TestApp
2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\program files\Conduit
2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Conduit
2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\midicairUSA
2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\program files\midicairUSA
2011-12-11 17:35 . 2011-12-11 17:42   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\NPE
2011-12-11 17:35 . 2011-12-11 17:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
2011-12-11 13:10 . 2001-08-17 20:06   154496   ----a-w-   c:\windows\system32\dllcache\icam4usb.sys
2011-12-11 12:53 . 2001-08-18 04:36   27648   ----a-w-   c:\windows\system32\dllcache\cyzports.dll
2011-12-11 12:46 . 2001-08-17 18:13   22044   ----a-w-   c:\windows\system32\dllcache\cem33n5.sys
2011-12-11 11:44 . 2011-12-14 20:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-11 11:44 . 2011-12-11 11:44   --------   d-----w-   c:\program files\AVAST Software
2011-12-11 09:03 . 2011-12-12 03:10   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2011-12-11 09:03 . 2011-12-11 09:03   --------   d-----w-   c:\program files\Hitman Pro 3.5
2011-12-11 09:02 . 2011-12-11 09:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
2011-12-11 07:31 . 2011-12-11 11:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2011-12-10 06:10 . 2011-12-10 06:10   --------   d-----w-   c:\program files\Common Files\McAfee
2011-12-04 16:46 . 2011-12-04 16:46   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-12-04 16:45 . 2011-12-04 16:45   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Solid State Networks
2011-12-04 14:23 . 2011-12-04 14:23   --------   d-----w-   c:\program files\McAfee
2011-12-03 06:11 . 2011-12-03 06:11   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
2011-12-01 06:09 . 2011-12-04 14:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2011-12-01 06:09 . 2011-12-01 06:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-12-01 06:09 . 2011-12-04 18:03   --------   d-----w-   c:\program files\McAfee Security Scan
2011-11-16 07:36 . 2011-12-11 20:54   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\QuickScan
2011-11-16 05:36 . 2011-11-16 05:36   --------   d-----w-   c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 12:23 . 2011-10-07 12:23   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21 . 2011-10-04 12:21   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
2011-11-27 04:06 . 2011-05-07 00:15   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.

Code: [Select]

<pre>
c:\program files\Common Files\Adobe\Updater5\AdobeUpdater .exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
c:\windows\system32\RunDll32 .exe
</pre>

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-05-08 357376]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-11 20:25   1451336   ----a-w-   c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-05-08 19:54   1543168   ----a-w-   c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3902028-4a21-4793-8e05-793e183d51c2}]
2011-05-09 08:49   176936   ----a-w-   c:\program files\midicairUSA\prxtbmidi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-12-11 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [N/A]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-11-10 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-11-10 27136]
.
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\AutorunsDisabled
Antimalware Doctor.lnk - c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgebc]
khfgebc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WhiteSmoke Translator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk
backup=c:\windows\pss\WhiteSmoke Translator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Free Music Zilla.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Free Music Zilla.lnk
backup=c:\windows\pss\Free Music Zilla.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 09:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 10:57   406992   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43   4321112   ----a-w-   c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus AntiSpyware 2011]
c:\documents and settings\Compaq_Administrator\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51   177440   -c--a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
c:\program files\AVAST Software\Avast\avastUI.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
c:\progra~1\ALWILS~1\Avast5\avastUI.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
c:\progra~1\Grisoft\AVG7\avgcc.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-10-25 02:29   2415456   ----a-w-   c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
2009-09-19 13:04   562944   ----a-w-   c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\BitComet.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClickPotatoLiteSA]
c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2007-10-31 02:57   1095256   ----a-w-   c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2011-06-08 15:45   822456   ----a-w-   c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-Set 2011]
c:\program files\E-Set 2011\e-set.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56   64512   ----a-w-   c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frlhavwk]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qdmnov\pklssftav.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fxvjhtup]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\tpnwfbyar\kxyxqcgtssd.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance]
c:\program files\Gamevance Games\gamevance32.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-18 19:00   136176   ----atw-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2011-12-11 09:00   6480192   ----a-w-   c:\program files\Hitman Pro 3.5\HitmanPro35.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 13:38   241664   -c--a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24   54840   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2006-02-15 23:34   249856   -c--a-w-   c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46   172032   -c--a-w-   c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICS5R7Y0OS]
c:\windows\Fqugac.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jahovosuz]
c:\windows\system32\gebojele.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-08-24 12:51   442455   -c--a-w-   c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24   1694208   ----a-w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
c:\windows\system32\NvCpl.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
c:\windows\nvsvc32.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-09 15:50   1519616   -c--a-w-   c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCFixSpeed]
2011-02-11 08:10   312440   ----a-w-   c:\program files\PCFixSpeed\PCFixTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsafedoctor.exe]
2011-11-01 22:22   2052608   ----a-w-   c:\program files\PCSafeDoctor\pcsafedoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Play Pickle]
c:\program files\Play Pickle\playpickle32.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qowhgiom]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\ftssqe\oqicsftav.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\R8388QA8U8]
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Fpt.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-22 23:14   237568   -c--a-w-   c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
c:\program files\Yahoo!\Search Protection\SearchProtection.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 14:27   17351304   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sorttp700.exe]
c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-26 07:35   148888   -c--a-w-   c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-07 18:04   4617600   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37   517096   -c--a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysfbtray]
c:\windows\freddy67.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
c:\windows\sysguard.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vgkjwjqs]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfljrr\habvsftav.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2011-12-11 20:25   218464   ----a-w-   c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2006-07-21 21:19   129536   -c--a-w-   c:\progra~1\Yahoo!\browser\ybrwicon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
c:\program files\Yahoo!\Search Protection\SearchProtection.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RSVP"=3 (0x3)
"fioo32"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2155:TCP"= 2155:TCP:Services
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/12/2011 7:52 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 3:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ     Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-BOPEEP-Compaq_Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-04 09:44]
.
2011-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007Core.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007UA.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: babynamescentral.com\www
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\uqjfirve.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aol.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extentions.y2layers.installId - d65cc208-117e-45b6-86db-0136932a65c1
FF - user.js: extentions.y2layers.defaultEnableAppsLi st - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo\YontooIEClient.dll
SharedTaskScheduler-{8b565bf9-8198-495f-ba43-b3e6976c87cd} - c:\windows\system32\gebojele.dll
AddRemove-Play Pickle - c:\program files\Play Pickle\ppun.exe
AddRemove-Shop to Win 4 - c:\program files\Shop to Win 4\Uninst.exe
AddRemove-Yahoo! Search Defender - c:\progra~1\Yahoo!\SEARCH~1\UNINST~1.EXE
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 15:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\RTHDCPL.EXE
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
.
**************************************************************************
.
Completion time: 2011-12-14 15:20:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-14 21:20
ComboFix2.txt 2008-11-16 16:58
.
Pre-Run: 91,253,227,520 bytes free
Post-Run: 91,475,607,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /bootlog
.
- - End Of File - - 6626F8A2533F0FFD411C801D32AA40B0

strangerinchi · « **Reply #11 on:** December 14, 2011, 03:38:38 PM »

UPDATE: XP AntiSpyware software reappeared on pc 20 mins after Combofix finished!
I went back to safe mode and identified the file as oyo.exe masquerading as "Windows Music application file and it was created today and I sent it to Recycle Bin. Now I am having problems opening programs as it will show the "Open As.." box instead of going to the direct program. Currently in safe mode redownloading SpyBot and gonna see if I can scan with it.

SuperDave · « **Reply #12 on:** December 14, 2011, 05:09:27 PM »

Quote

Currently in safe mode redownloading SpyBot and gonna see if I can scan with it.

Please do not run any other programs unless I ask you to do so.

Please download SREng

Extract it to Desktop and double click SREngLdr.EXE to run it
Select System Repair from the left pane.
Click on File Association
Select all entries that has an Error status click [Repair]
Refer to this image for an example:

In your case, it would be .EXE
Close SREng now.

.

ComboFix is installed in the wrong location. Please uninstall/delete it and download a new version to your desktop and run another scan and post the log. There's something I need to fix.

strangerinchi · « **Reply #13 on:** December 15, 2011, 10:05:06 AM »

UPDATE: Hi, again! Running ComboFix screen and it has said "Combofix is preparing to run" for more than 10 minutes now and hasn't gone past that. Is that normal, cuz last time it was much faster.

SuperDave · « **Reply #14 on:** December 15, 2011, 12:29:21 PM »

Please try this. Delete ComboFix from your desktop.

Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools ]A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Computer Hope Forum

News:

Author Topic: Win32 MB Rootkit from XP Antispyware Virus (Read 30338 times)

strangerinchi

Win32 MB Rootkit from XP Antispyware Virus

SuperDave

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

SuperDave

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: ComboFIX fixed the problem

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

SuperDave

Re: Win32 MB Rootkit from XP Antispyware Virus

strangerinchi

Re: Win32 MB Rootkit from XP Antispyware Virus

SuperDave

Re: Win32 MB Rootkit from XP Antispyware Virus