
Author Topic: Win32 MB Rootkit from XP Antispyware Virus  (Read 30339 times)


strangerinchi

    Win32 MB Rootkit from XP Antispyware Virus
    « on: December 13, 2011, 01:42:30 PM »
    I don't know how, but I was infected with XP Anti Spyware 2012 rogue software from what I think may have been an unsafe video streaming site. Well, I deleted the main file of the software (gix.exe) from Application Data and I thought that had gotten rid of the virus, but afterwards the system slowly started getting slower and slower. Well, the other day I discovered another part of the virus (YontooIEClient.dll) in the Program Files folder. I also found Win32/OpenCandy... Both were trojans. But even deleting that didn't cure the problem right away. Then I updated Spybot S&D and scanned with that and I found 87 entries infected, with at least 5-6 Trojans (Virtumonde.atr, Bredolab.fb, Win32.Adload.r, Fraud.Sysguard, Win32.TDSS.rtk), and found two jobs, avwcbqig.job and ncszelwk.job, running in the Tasks folder and 2 files in the sys32 folder: UACrkqwnsmsowbtdbo.log, tmp.log.
    And I deleted all of the entries. For a while, the system seemed fine and then gradually, but quickly it became slow AGAIN and soon I was not able to log in properly as it froze at the desktop. I'm just wondering how to get rid of any replicating viruses for GOOD without having the pc serviced. I'm scanning with ESET at the moment and it's picking up more things (like OpenCandy trojan). What should I do? I do not have the funds at the moment. Thanks; your help is very much appreciated.

    SuperDave

    • Malware Removal Specialist


    Re: Win32 MB Rootkit from XP Antispyware Virus
    « Reply #1 on: December 13, 2011, 04:29:18 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.
      • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining
      Please leave the others unchecked
      • Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes
    * To retrieve the removal information please do the following:
      • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • It will open in your default text editor (preferably Notepad).
      • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    **********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    **********************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your Thread

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    Windows 8 and Windows 10 dual boot with two SSD's

    strangerinchi

      Re: Win32 MB Rootkit from XP Antispyware Virus
      « Reply #2 on: December 13, 2011, 06:15:22 PM »
      Hi, here are the logs for the DDS and ATTACH scans; MBAM and Super Anti-Spyware scans coming soon. Thank you for your help!

      ===========================================================

      DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
      Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
      Run by Compaq_Administrator at 1:12:57 on 2011-12-12
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1648 [GMT -6:00]
      .
      AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\system32\svchost.exe -k netsvcs
      svchost.exe
      svchost.exe
      C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
      C:\WINDOWS\msagent\AgentSvr.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://home.sweetim.com
      uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
      uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
      uWindow Title = Windows Internet Explorer provided by Yahoo!
      uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
      uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
      uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
      mDefault_Page_URL = hxxp://www.yahoo.com
      mStart Page = hxxp://home.sweetim.com
      mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
      uInternet Settings,ProxyOverride = <local>;*.local
      uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
      mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
      uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
      uURLSearchHooks: H - No File
      uURLSearchHooks: H - No File
      uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
      uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
      uURLSearchHooks: H - No File
      uURLSearchHooks: H - No File
      uURLSearchHooks: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
      mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
      BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
      BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
      BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
      BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
      BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
      BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
      BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
      BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
      BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
      BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
      BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Shop to Win 4: {91917dc6-93b9-4e62-b2d6-d39c9618c418} - c:\program files\shop to win 4\ShoppingBHO.dll
      BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
      BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
      BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
      BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
      BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
      BHO: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
      BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
      BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
      TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
      TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
      TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
      TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
      TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
      TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
      TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
      TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
      TB: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
      TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
      EB: AT&&T Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
      uRun: [Google Update] "c:\documents and settings\compaq_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
      uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
      uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
      mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
      mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      mRun: [RTHDCPL] RTHDCPL.EXE
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
      mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
      mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
      mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
      StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\autoru~1\antima~1.lnk - c:\documents and settings\compaq_administrator\application data\dbf4505d2e0503b99dd8e1d3dbbbd72d\sorttp700.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\Orbit.lnk -
      uPolicies-system: EnableProfileQuota = 1 (0x1)
      IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
      IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
      IE: &Search - ?s=100000343&p=ZKfox000&si=&a=IXJ3gQpP4lGqxluXrfxKog&n=2010040213
      IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
      IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
      IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
      IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
      IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
      LSP: mswsock.dll
      Trusted Zone: babynamescentral.com\www
      Trusted Zone: trymedia.com
      DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
      DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
      DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
      DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
      DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
      DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
      DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
      DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
      DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
      TCP: DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{5D534568-0898-4523-AE18-DE2497E58463} : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
      Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
      Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
      Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
      Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
      Notify: khfgebc - khfgebc.dll
      STS: tokatiluy: {8b565bf9-8198-495f-ba43-b3e6976c87cd} - c:\windows\system32\gebojele.dll
      LSA: Authentication Packages = msv1_0 c:\windows\system32\gebcd.dll
      LSA: Notification Packages = scecli o f o n o . d l l nilofono.dll
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\
      FF - prefs.js: browser.search.defaulturl -
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://aol.com
      FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
      FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
      FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
      FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
      FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
      FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
      FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
      FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
      FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
      FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
      .
      ---- FIREFOX POLICIES ----
      FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
      FF - user.js: browser.sessionstore.resume_from_crash - false
      FF - user.js: extentions.y2layers.installId - d65cc208-117e-45b6-86db-0136932a65c1
      FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
      .
      ============= SERVICES / DRIVERS ===============
      .
      S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-11 435032]
      S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-11 314456]
      S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
      S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-11 20568]
      S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-11 44768]
      S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
      S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
      S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-10 1174664]
      S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
      S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
      S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
      .
      =============== Created Last 30 ================
      .
      2011-12-12 07:08:04 -------- d-----w- c:\program files\common files\Wise Installation Wizard
      2011-12-12 05:03:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-12-11 20:32:27 -------- d-----w- c:\documents and settings\compaq_administrator\application data\AVG2012
      2011-12-11 20:26:12 -------- d-----w- c:\documents and settings\compaq_administrator\application data\AVG Secure Search
      2011-12-11 20:25:58 -------- d-----w- c:\program files\common files\AVG Secure Search
      2011-12-11 20:25:51 -------- d-----w- c:\program files\AVG Secure Search
      2011-12-11 20:25:39 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
      2011-12-11 20:23:40 -------- d-----w- c:\windows\system32\drivers\AVG
      2011-12-11 20:23:40 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
      2011-12-11 20:22:47 -------- d-----w- c:\program files\AVG
      2011-12-11 20:01:58 -------- d-----w- c:\documents and settings\all users\application data\MFAData
      2011-12-11 19:32:51 -------- d-----w- C:\a39014efedd8604e4c25e763
      2011-12-11 19:06:14 -------- d-----w- c:\program files\common files\PC Tools
      2011-12-11 19:03:04 -------- d-----w- c:\documents and settings\compaq_administrator\application data\TestApp
      2011-12-11 18:19:38 -------- d-----w- c:\program files\Conduit
      2011-12-11 18:19:37 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\midicairUSA
      2011-12-11 18:19:37 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Conduit
      2011-12-11 18:19:35 -------- d-----w- c:\program files\midicairUSA
      2011-12-11 17:35:47 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\NPE
      2011-12-11 17:35:47 -------- d-----w- c:\documents and settings\all users\application data\Norton
      2011-12-11 13:32:26 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
      2011-12-11 13:10:52 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
      2011-12-11 12:53:19 27648 ----a-w- c:\windows\system32\dllcache\cyzports.dll
      2011-12-11 12:46:19 22044 ----a-w- c:\windows\system32\dllcache\cem33n5.sys
      2011-12-11 11:45:13 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2011-12-11 11:44:59 41184 ----a-w- c:\windows\avastSS.scr
      2011-12-11 11:44:47 -------- d-----w- c:\program files\AVAST Software
      2011-12-11 11:44:47 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
      2011-12-11 09:03:38 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
      2011-12-11 09:03:37 -------- d-----w- c:\program files\Hitman Pro 3.5
      2011-12-11 09:02:48 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
      2011-12-11 07:31:21 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
      2011-12-10 09:47:44 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
      2011-12-10 06:10:38 -------- d-----w- c:\program files\common files\McAfee
      2011-12-04 16:46:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
      2011-12-04 16:46:11 -------- d-----w- c:\windows\system32\wbem\Repository
      2011-12-04 16:45:35 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Solid State Networks
      2011-12-04 14:23:53 -------- d-----w- c:\program files\McAfee
      2011-12-01 06:09:42 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
      2011-12-01 06:09:38 -------- d-----w- c:\program files\McAfee Security Scan
      2011-11-16 07:36:33 -------- d-----w- c:\documents and settings\compaq_administrator\application data\QuickScan
      2011-11-16 05:36:45 -------- d-----w- c:\program files\ESET
      .
      ==================== Find3M ====================
      .
      2011-10-07 12:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
      2011-10-04 12:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
      2011-09-13 12:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
      .
      ============= FINISH: 1:13:34.32 ===============
      ----------------------------------------------------------------------------------------------------------------------------

      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 7/5/2007 10:26:22 PM
      System Uptime: 12/11/2011 9:07:53 PM (4 hours ago)
      .
      Motherboard: ASUSTek Computer INC. | | NAOS
      Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2 | 2204/199mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 140 GiB total, 83.6 GiB free.
      D: is FIXED (FAT32) - 9 GiB total, 0.539 GiB free.
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
      Description: CD-ROM Drive
      Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
      Manufacturer: (Standard CD-ROM drives)
      Name: LITE-ON DVDRW SHM-165H6S
      PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
      Service: cdrom
      .
      ==== System Restore Points ===================
      .
      No restore point in system.
      .
      ==== Installed Programs ======================
      .
      7-Zip 4.65
      Adobe AIR
      Adobe Community Help
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe InDesign CS5
      Adobe Media Player
      Adobe Reader 8.1.1
      AIM 7
      Aiprosoft iPod Touch Video Converter
      Akamai NetSession Interface
      Akamai NetSession Interface Service
      AOL Messaging Toolbar
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      Ask Toolbar
      AT&T Self Support Tool
      AT&T Yahoo! Applications
      Audacity 1.2.6
      avast! Free Antivirus
      AVG 2012
      Bonjour
      BroadJump Client Foundation
      BufferChm
      CA Yahoo! Anti-Spy (remove only)
      CCleaner (remove only)
      CCScore
      Compaq Connections (remove only)
      Compatibility Pack for the 2007 Office system
      CP_AtenaShokunin1Config
      CP_CalendarTemplates1
      cp_LightScribeConfig
      cp_OnlineProjectsConfig
      CP_Package_Basic1
      CP_Package_Variety1
      CP_Package_Variety2
      CP_Package_Variety3
      CP_Panorama1Config
      cp_PosterPrintConfig
      cp_UpdateProjectsConfig
      CueTour
      Customer Experience Enhancement
      Data Fax SoftModem with SmartCP
      Destinations
      DeviceManagementQFolder
      Dogpile Bundle Toolbar
      Download Updater (AOL LLC)
      Easy Internet Sign-up
      Entropia Universe
      ESET Online Scanner v3
      ESSBrwr
      ESSCDBK
      ESScore
      ESSgui
      ESSini
      ESSPCD
      ESSPDock
      ESSSONIC
      ESSTOOLS
      essvatgt
      Fast Browser Search for Firefox (My Web Tattoo)
      fflink
      FullDPAppQFolder
      GemMaster Mystic
      GIMP 2.6.8
      Google Chrome
      High Definition Audio Driver Package - KB888111
      Hitman Pro 3.5
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Media Player 10 (KB903157)
      Hotfix for Windows XP (KB888795)
      Hotfix for Windows XP (KB891593)
      Hotfix for Windows XP (KB893357)
      Hotfix for Windows XP (KB895961)
      Hotfix for Windows XP (KB899337)
      Hotfix for Windows XP (KB899510)
      Hotfix for Windows XP (KB902841)
      Hotfix for Windows XP (KB906569)
      Hotfix for Windows XP (KB912024)
      Hotfix for Windows XP (KB915865)
      Hotfix for Windows XP (KB932716-v2)
      Hotfix for Windows XP (KB935448)
      Hotfix for Windows XP (KB945060-v3)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB954708)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB970653-v3)
      Hotfix for Windows XP (KB976098-v2)
      Hotfix for Windows XP (KB979306)
      Hotfix for Windows XP (KB981793)
      HP Boot Optimizer
      HP Deskjet 3840
      HP DVD Play 2.1
      HP Games 3.43.97
      HP Imaging Device Functions 7.0
      HP Photosmart Premier Software 6.5
      HP Support Overview
      HP Update
      HP Web Helper
      HPPhotoSmartExpress
      HpSdpAppCoreApp
      iDump (Backing up your iPod)
      ImageRescue3
      InstantShareDevices
      iTunes
      J2SE Runtime Environment 5.0 Update 6
      Java(TM) 6 Update 13
      Java(TM) 6 Update 2
      Junk Mail filter update
      kgcbaby
      kgcbase
      kgchday
      kgchlwn
      kgcinvt
      kgckids
      kgcmove
      kgcvday
      Kodak EasyShare software
      LightScribe 1.4.105.1
      LiveUpdate 3.2 (Symantec Corporation)
      LiveUpdate Notice (Symantec Corporation)
      Malwarebytes' Anti-Malware version 1.51.2.1300
      Manga Studio Debut 4.0
      McAfee Security Scan Plus
      McAfee SiteAdvisor
      Microsoft .NET Framework 1.0 Hotfix (KB887998)
      Microsoft .NET Framework 1.0 Hotfix (KB930494)
      Microsoft .NET Framework 1.0 Hotfix (KB953295)
      Microsoft .NET Framework 1.0 Hotfix (KB979904)
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB979906)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft Application Error Reporting
      Microsoft Away Mode
      Microsoft Choice Guard
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft Money 2006
      Microsoft National Language Support Downlevel APIs
      Microsoft Office Standard Edition 2003 60 days trial
      Microsoft Office XP Professional with FrontPage
      Microsoft Search Enhancement Pack
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft Sync Framework Runtime Native v1.0 (x86)
      Microsoft Sync Framework Services Native v1.0 (x86)
      Microsoft VC9 runtime libraries
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Works
      Microsoft_VC80_ATL_x86
      Microsoft_VC80_CRT_x86
      Microsoft_VC80_MFC_x86
      Microsoft_VC80_MFCLOC_x86
      Microsoft_VC90_ATL_x86
      Microsoft_VC90_CRT_x86
      Microsoft_VC90_MFC_x86
      midicairUSA Toolbar
      MobileMe Control Panel
      Mozilla Firefox 8.0.1 (x86 en-US)
      MSVCRT
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 6 Service Pack 2 (KB973686)
      My HP Games
      MyIdentityDefender Toolbar (CyberDefender Corporation)
      netbrdg
      Netscape Browser (remove only)
      NTI Backup Now EZ
      NVIDIA Drivers
      Octoshape add-in for Adobe Flash Player
      OfotoXMI
      OptionalContentQFolder
      Orbit Downloader
      Otto
      PC-Doctor 5 for Windows
      PC Fix Speed 1.0.0.0
      PCSafeDoctor
      PDF Settings CS5
      PhotoGallery
      Play Pickle
      Python 2.2 pywin32 extensions (build 203)
      Python 2.2.3
      Quicken 2006
      QuickTime
      RandMap
      RCA Detective™ 3.0.0.101
      RCA easyRip 2.4.6.0
      RCA Updater 2.0.0.0
      Realtek High Definition Audio Driver
      Rhapsody
      SecondLifeViewer2 (remove only)
      Security Update for Step By Step Interactive Training (KB923723)
      Security Update for Windows Internet Explorer 7 (KB938127-v2)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB961260)
      Security Update for Windows Internet Explorer 7 (KB963027)
      Security Update for Windows Internet Explorer 7 (KB969897)
      Security Update for Windows Internet Explorer 7 (KB972260)
      Security Update for Windows Internet Explorer 7 (KB974455)
      Security Update for Windows Internet Explorer 7 (KB976325)
      Security Update for Windows Internet Explorer 7 (KB978207)
      Security Update for Windows Internet Explorer 7 (KB982381)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player 10 (KB911565)
      Security Update for Windows Media Player 10 (KB917734)
      Security Update for Windows Media Player 10 (KB936782)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB890046)
      Security Update for Windows XP (KB893756)
      Security Update for Windows XP (KB896358)
      Security Update for Windows XP (KB896422)
      Security Update for Windows XP (KB896423)
      Security Update for Windows XP (KB896424)
      Security Update for Windows XP (KB896428)
      Security Update for Windows XP (KB899587)
      Security Update for Windows XP (KB899591)
      Security Update for Windows XP (KB900725)
      Security Update for Windows XP (KB901017)
      Security Update for Windows XP (KB901214)
      Security Update for Windows XP (KB902400)
      Security Update for Windows XP (KB904706)
      Security Update for Windows XP (KB905414)
      Security Update for Windows XP (KB905749)
      Security Update for Windows XP (KB908519)
      Security Update for Windows XP (KB908531)
      Security Update for Windows XP (KB911562)
      Security Update for Windows XP (KB911927)
      Security Update for Windows XP (KB912812)
      Security Update for Windows XP (KB912919)
      Security Update for Windows XP (KB913580)
      Security Update for Windows XP (KB914388)
      Security Update for Windows XP (KB914389)
      Security Update for Windows XP (KB917344)
      Security Update for Windows XP (KB917953)
      Security Update for Windows XP (KB918118)
      Security Update for Windows XP (KB918439)
      Security Update for Windows XP (KB919007)
      Security Update for Windows XP (KB920213)
      Security Update for Windows XP (KB920670)
      Security Update for Windows XP (KB920683)
      Security Update for Windows XP (KB920685)
      Security Update for Windows XP (KB921503)
      Security Update for Windows XP (KB922819)
      Security Update for Windows XP (KB923191)
      Security Update for Windows XP (KB923414)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB923980)
      Security Update for Windows XP (KB924191)
      Security Update for Windows XP (KB924270)
      Security Update for Windows XP (KB924496)
      Security Update for Windows XP (KB924667)
      Security Update for Windows XP (KB925902)
      Security Update for Windows XP (KB926255)
      Security Update for Windows XP (KB926436)
      Security Update for Windows XP (KB927779)
      Security Update for Windows XP (KB927802)
      Security Update for Windows XP (KB928255)
      Security Update for Windows XP (KB928843)
      Security Update for Windows XP (KB929123)
      Security Update for Windows XP (KB929969)
      Security Update for Windows XP (KB930178)
      Security Update for Windows XP (KB931261)
      Security Update for Windows XP (KB931784)
      Security Update for Windows XP (KB932168)
      Security Update for Windows XP (KB933566)
      Security Update for Windows XP (KB933729)
      Security Update for Windows XP (KB935839)
      Security Update for Windows XP (KB935840)
      Security Update for Windows XP (KB936021)
      Security Update for Windows XP (KB937143)
      Security Update for Windows XP (KB937894)
      Security Update for Windows XP (KB938127)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB938829)
      Security Update for Windows XP (KB939653)
      Security Update for Windows XP (KB941202)
      Security Update for Windows XP (KB941568)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB941644)
      Security Update for Windows XP (KB941693)
      Security Update for Windows XP (KB942615)
      Security Update for Windows XP (KB943055)
      Security Update for Windows XP (KB943460)
      Security Update for Windows XP (KB943485)
      Security Update for Windows XP (KB944338)
      Security Update for Windows XP (KB944533)
      Security Update for Windows XP (KB944653)
      Security Update for Windows XP (KB945553)
      Security Update for Windows XP (KB946026)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB947864)
      Security Update for Windows XP (KB948590)
      Security Update for Windows XP (KB948881)
      Security Update for Windows XP (KB950749)
      Security Update for Windows XP (KB950759)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953838)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956390)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958215)
      Security Update for Windows XP (KB958470)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960714)
      Security Update for Windows XP (KB960715)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961371)
      Security Update for Windows XP (KB961373)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB968537)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969898)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971032)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971486)
      Security Update for Windows XP (KB971557)
      Security Update for Windows XP (KB971633)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB971961)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973346)
      Security Update for Windows XP (KB973354)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973525)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975561)
      Security Update for Windows XP (KB975562)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB977816)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978262)
      Security Update for Windows XP (KB978338)
      Security Update for Windows XP (KB978542)
      Security Update for Windows XP (KB978601)
      Security Update for Windows XP (KB978706)
      Security Update for Windows XP (KB979309)
      Security Update for Windows XP (KB979482)
      Security Update for Windows XP (KB979559)
      Security Update for Windows XP (KB979683)
      Security Update for Windows XP (KB980195)
      Security Update for Windows XP (KB980218)
      Security Update for Windows XP (KB980232)
      Security Update for Windows XP (KB981349)
      Segoe UI
      SFR
      SHASTA
      Shop to Win 4
      skin0001
      SkinsHP1
      SKINXSDK
      Skype Click to Call
      Skype™ 5.5
      SlideShow
      SlideShowMusic
      Sonic Express Labeler
      Sonic MyDVD Plus
      Sonic RecordNow Audio
      Sonic RecordNow Copy
      Sonic RecordNow Data
      Sonic Update Manager
      Sonic_PrimoSDK
      Spybot - Search & Destroy
      staticcr
      Symantec KB-DocID:2003093015493306
      The Rosetta Stone
      The Weather Channel Desktop 6
      Unity Web Player
      Unload
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Windows Internet Explorer 7 (KB976749)
      Update for Windows Internet Explorer 7 (KB980182)
      Update for Windows Media Format SDK (KB902344)
      Update for Windows Media Player 10 (KB913800)
      Update for Windows Media Player 10 (KB926251)
      Update for Windows XP (KB898461)
      Update for Windows XP (KB900485)
      Update for Windows XP (KB910437)
      Update for Windows XP (KB911280)
      Update for Windows XP (KB912945)
      Update for Windows XP (KB916595)
      Update for Windows XP (KB920872)
      Update for Windows XP (KB922582)
      Update for Windows XP (KB925720)
      Update for Windows XP (KB927891)
      Update for Windows XP (KB930916)
      Update for Windows XP (KB931836)
      Update for Windows XP (KB933360)
      Update for Windows XP (KB938828)
      Update for Windows XP (KB942763)
      Update for Windows XP (KB942840)
      Update for Windows XP (KB946627)
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB953356)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB961503)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      Update Rollup 2 for Windows XP Media Center Edition 2005
      VideoSpirit Pro 1.72
      VoiceOver Kit
      VPRINTOL
      WeatherBug
      WebFldrs XP
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Imaging Component
      Windows Installer 3.1 (KB893803)
      Windows Internet Explorer 7
      Windows Live Call
      Windows Live Communications Platform
      Windows Live Essentials
      Windows Live Mail
      Windows Live Messenger
      Windows Live OneCare safety scanner
      Windows Live Photo Gallery
      Windows Live Sign-in Assistant
      Windows Live Sync
      Windows Live Toolbar
      Windows Live Upload Tool
      Windows Live Writer
      Windows Media Format Runtime
      Windows Media Player Firefox Plugin
      Windows XP Hotfix - KB873339
      Windows XP Hotfix - KB883667
      Windows XP Hotfix - KB885250
      Windows XP Hotfix - KB885835
      Windows XP Hotfix - KB885836
      Windows XP Hotfix - KB885884
      Windows XP Hotfix - KB886185
      Windows XP Hotfix - KB887472
      Windows XP Hotfix - KB887742
      Windows XP Hotfix - KB888113
      Windows XP Hotfix - KB888302
      Windows XP Hotfix - KB890175
      Windows XP Hotfix - KB890859
      Windows XP Hotfix - KB891781
      Windows XP Hotfix - KB892050
      Windows XP Hotfix - KB893066
      Windows XP Media Center Edition 2005 KB2502898
      Windows XP Media Center Edition 2005 KB908246
      Windows XP Media Center Edition 2005 KB912067
      Windows XP Media Center Edition 2005 KB973768
      WIRELESS
      Xvid 1.2.1 final uninstall
      Yahoo! Search Protection
      Yahoo! Search Suggest Add-on for IE7
      Yahoo! Software Update
      Yontoo 1.10.02
      Zoosk Messenger
      .
      ==== Event Viewer Messages From Past Week ========
      .
      12/7/2011 9:01:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
      12/7/2011 8:01:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
      12/7/2011 7:01:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
      12/7/2011 6:01:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
      12/7/2011 5:01:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
      12/7/2011 4:01:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
      12/7/2011 3:01:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
      12/7/2011 2:01:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
      12/7/2011 12:01:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
      12/7/2011 12:01:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
      12/7/2011 11:01:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
      12/7/2011 10:01:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
      12/7/2011 1:01:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
      12/7/2011 1:01:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
      12/6/2011 9:01:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
      12/6/2011 8:01:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
      12/6/2011 7:01:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
      12/6/2011 6:01:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
      12/6/2011 5:01:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
      12/6/2011 4:01:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
      12/6/2011 3:01:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
      12/6/2011 2:01:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
      12/6/2011 11:01:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
      12/6/2011 10:01:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
      12/11/2011 8:50:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
      12/11/2011 8:13:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
      12/11/2011 6:04:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
      12/11/2011 5:45:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
      12/11/2011 5:21:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
      12/11/2011 3:39:22 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
      12/11/2011 2:49:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips
      12/11/2011 2:42:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Fips
      12/11/2011 12:14:38 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
      12/11/2011 12:13:25 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
      12/11/2011 12:11:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips
      12/11/2011 12:03:45 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
      12/11/2011 12:00:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
      12/11/2011 12:00:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSP aswTdi Fips
      12/11/2011 11:58:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IntelIde IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip ViaIde
      12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NTI BackupNowEZSvr service to connect.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The Symantec Core LC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
      12/11/2011 11:55:30 AM, error: Service Control Manager [7000] - The NTI BackupNowEZSvr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
      12/11/2011 1:46:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde ViaIde
      12/10/2011 11:58:53 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
      12/10/2011 11:50:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
      12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
      12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
      12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
      12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
      12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
      12/10/2011 11:50:29 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
      12/10/2011 11:49:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
      12/10/2011 11:49:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      12/10/2011 11:49:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
      12/10/2011 11:47:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
      .
      ==== End Of File ===========================

      ATTACH.TXT LOG
      ----------------------------------------------------------------------------------------------
      ==========================================================
      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 7/5/2007 10:26:22 PM
      System Uptime: 12/11/2011 9:07:53 PM (4 hours ago)
      .
      Motherboard: ASUSTek Computer INC. |  | NAOS
      Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2  | 2204/199mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 140 GiB total, 83.6 GiB free.
      D: is FIXED (FAT32) - 9 GiB total, 0.539 GiB free.
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
      Description: CD-ROM Drive
      Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
      Manufacturer: (Standard CD-ROM drives)
      Name: LITE-ON DVDRW SHM-165H6S
      PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
      Service: cdrom
      .
      ==== System Restore Points ===================
      .
      No restore point in system.
      .
      ==== Installed Programs ======================
      .
      7-Zip 4.65
      Adobe AIR
      Adobe Community Help
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe InDesign CS5
      Adobe Media Player
      Adobe Reader 8.1.1
      AIM 7
      Aiprosoft iPod Touch Video Converter
      Akamai NetSession Interface
      Akamai NetSession Interface Service
      AOL Messaging Toolbar
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      Ask Toolbar
      AT&T Self Support Tool
      AT&T Yahoo! Applications
      Audacity 1.2.6
      avast! Free Antivirus
      AVG 2012
      Bonjour
      BroadJump Client Foundation
      BufferChm
      CA Yahoo! Anti-Spy (remove only)
      CCleaner (remove only)
      CCScore
      Compaq Connections (remove only)
      Compatibility Pack for the 2007 Office system
      CP_AtenaShokunin1Config
      CP_CalendarTemplates1
      cp_LightScribeConfig
      cp_OnlineProjectsConfig
      CP_Package_Basic1
      CP_Package_Variety1
      CP_Package_Variety2
      CP_Package_Variety3
      CP_Panorama1Config
      cp_PosterPrintConfig
      cp_UpdateProjectsConfig
      CueTour
      Customer Experience Enhancement
      Data Fax SoftModem with SmartCP
      Destinations
      DeviceManagementQFolder
      Dogpile Bundle Toolbar
      Download Updater (AOL LLC)
      Easy Internet Sign-up
      Entropia Universe
      ESET Online Scanner v3
      ESSBrwr
      ESSCDBK
      ESScore
      ESSgui
      ESSini
      ESSPCD
      ESSPDock
      ESSSONIC
      ESSTOOLS
      essvatgt
      Fast Browser Search for Firefox (My Web Tattoo)
      fflink
      FullDPAppQFolder
      GemMaster Mystic
      GIMP 2.6.8
      Google Chrome
      High Definition Audio Driver Package - KB888111
      Hitman Pro 3.5
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Media Player 10 (KB903157)
      Hotfix for Windows XP (KB888795)
      Hotfix for Windows XP (KB891593)
      Hotfix for Windows XP (KB893357)
      Hotfix for Windows XP (KB895961)
      Hotfix for Windows XP (KB899337)
      Hotfix for Windows XP (KB899510)
      Hotfix for Windows XP (KB902841)
      Hotfix for Windows XP (KB906569)
      Hotfix for Windows XP (KB912024)
      Hotfix for Windows XP (KB915865)
      Hotfix for Windows XP (KB932716-v2)
      Hotfix for Windows XP (KB935448)
      Hotfix for Windows XP (KB945060-v3)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB954708)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB970653-v3)
      Hotfix for Windows XP (KB976098-v2)
      Hotfix for Windows XP (KB979306)
      Hotfix for Windows XP (KB981793)
      HP Boot Optimizer
      HP Deskjet 3840
      HP DVD Play 2.1
      HP Games 3.43.97
      HP Imaging Device Functions 7.0
      HP Photosmart Premier Software 6.5
      HP Support Overview
      HP Update
      HP Web Helper
      HPPhotoSmartExpress
      HpSdpAppCoreApp
      iDump (Backing up your iPod)
      ImageRescue3
      InstantShareDevices
      iTunes
      J2SE Runtime Environment 5.0 Update 6
      Java(TM) 6 Update 13
      Java(TM) 6 Update 2
      Junk Mail filter update
      kgcbaby
      kgcbase
      kgchday
      kgchlwn
      kgcinvt
      kgckids
      kgcmove
      kgcvday
      Kodak EasyShare software
      LightScribe  1.4.105.1
      LiveUpdate 3.2 (Symantec Corporation)
      LiveUpdate Notice (Symantec Corporation)
      Malwarebytes' Anti-Malware version 1.51.2.1300
      Manga Studio Debut 4.0
      McAfee Security Scan Plus
      McAfee SiteAdvisor
      Microsoft .NET Framework 1.0 Hotfix (KB887998)
      Microsoft .NET Framework 1.0 Hotfix (KB930494)
      Microsoft .NET Framework 1.0 Hotfix (KB953295)
      Microsoft .NET Framework 1.0 Hotfix (KB979904)
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB979906)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft Application Error Reporting
      Microsoft Away Mode
      Microsoft Choice Guard
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft Money 2006
      Microsoft National Language Support Downlevel APIs
      Microsoft Office Standard Edition 2003 60 days trial
      Microsoft Office XP Professional with FrontPage
      Microsoft Search Enhancement Pack
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft Sync Framework Runtime Native v1.0 (x86)
      Microsoft Sync Framework Services Native v1.0 (x86)
      Microsoft VC9 runtime libraries
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Works
      Microsoft_VC80_ATL_x86
      Microsoft_VC80_CRT_x86
      Microsoft_VC80_MFC_x86
      Microsoft_VC80_MFCLOC_x86
      Microsoft_VC90_ATL_x86
      Microsoft_VC90_CRT_x86
      Microsoft_VC90_MFC_x86
      midicairUSA Toolbar
      MobileMe Control Panel
      Mozilla Firefox 8.0.1 (x86 en-US)
      MSVCRT
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 6 Service Pack 2 (KB973686)
      My HP Games
      MyIdentityDefender Toolbar (CyberDefender Corporation)
      netbrdg
      Netscape Browser (remove only)
      NTI Backup Now EZ
      NVIDIA Drivers
      Octoshape add-in for Adobe Flash Player
      OfotoXMI
      OptionalContentQFolder
      Orbit Downloader
      Otto
      PC-Doctor 5 for Windows
      PC Fix Speed 1.0.0.0
      PCSafeDoctor
      PDF Settings CS5
      PhotoGallery
      Play Pickle
      Python 2.2 pywin32 extensions (build 203)
      Python 2.2.3
      Quicken 2006
      QuickTime
      RandMap
      RCA Detective™ 3.0.0.101
      RCA easyRip 2.4.6.0
      RCA Updater 2.0.0.0
      Realtek High Definition Audio Driver
      Rhapsody
      SecondLifeViewer2 (remove only)
      Security Update for Step By Step Interactive Training (KB923723)
      Security Update for Windows Internet Explorer 7 (KB938127-v2)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB961260)
      Security Update for Windows Internet Explorer 7 (KB963027)
      Security Update for Windows Internet Explorer 7 (KB969897)
      Security Update for Windows Internet Explorer 7 (KB972260)
      Security Update for Windows Internet Explorer 7 (KB974455)
      Security Update for Windows Internet Explorer 7 (KB976325)
      Security Update for Windows Internet Explorer 7 (KB978207)
      Security Update for Windows Internet Explorer 7 (KB982381)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player 10 (KB911565)
      Security Update for Windows Media Player 10 (KB917734)
      Security Update for Windows Media Player 10 (KB936782)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB890046)
      Security Update for Windows XP (KB893756)
      Security Update for Windows XP (KB896358)
      Security Update for Windows XP (KB896422)
      Security Update for Windows XP (KB896423)
      Security Update for Windows XP (KB896424)
      Security Update for Windows XP (KB896428)
      Security Update for Windows XP (KB899587)
      Security Update for Windows XP (KB899591)
      Security Update for Windows XP (KB900725)
      Security Update for Windows XP (KB901017)
      Security Update for Windows XP (KB901214)
      Security Update for Windows XP (KB902400)
      Security Update for Windows XP (KB904706)
      Security Update for Windows XP (KB905414)
      Security Update for Windows XP (KB905749)
      Security Update for Windows XP (KB908519)
      Security Update for Windows XP (KB908531)
      Security Update for Windows XP (KB911562)
      Security Update for Windows XP (KB911927)
      Security Update for Windows XP (KB912812)
      Security Update for Windows XP (KB912919)
      Security Update for Windows XP (KB913580)
      Security Update for Windows XP (KB914388)
      Security Update for Windows XP (KB914389)
      Security Update for Windows XP (KB917344)
      Security Update for Windows XP (KB917953)
      Security Update for Windows XP (KB918118)
      Security Update for Windows XP (KB918439)
      Security Update for Windows XP (KB919007)
      Security Update for Windows XP (KB920213)
      Security Update for Windows XP (KB920670)
      Security Update for Windows XP (KB920683)
      Security Update for Windows XP (KB920685)
      Security Update for Windows XP (KB921503)
      Security Update for Windows XP (KB922819)
      Security Update for Windows XP (KB923191)
      Security Update for Windows XP (KB923414)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB923980)
      Security Update for Windows XP (KB924191)
      Security Update for Windows XP (KB924270)
      Se

      strangerinchi

        Re: Win32 MB Rootkit from XP Antispyware Virus
        « Reply #3 on: December 13, 2011, 08:10:16 PM »
        Okay, I made a mistake, please forgive me. I don't know how to edit my post... I posted old logs from the other day and not in the order as follows. Currently I am scanning with Super Anti-Spyware and I will post that when the scan finishes. Thanks again.

        strangerinchi

          Re: Win32 MB Rootkit from XP Antispyware Virus
          « Reply #4 on: December 14, 2011, 01:00:19 AM »
          Hi again. Here is my SAS log. I scanned and thought I found 103 trojans... I think most of those were false negatives and the wrong files, because when I went to regular mode my PC still froze during startup. MBAM, new DDS and GMER logs soon to follow...

          ======================================================

          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 12/14/2011 at 01:17 AM

          Application Version : 5.0.1136

          Core Rules Database Version : 8049
          Trace Rules Database Version: 5861

          Scan type       : Complete Scan
          Total Scan Time : 03:09:51

          Operating System Information
          Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
          Administrator

          Memory items scanned      : 352
          Memory threats detected   : 0
          Registry items scanned    : 39078
          Registry threats detected : 9
          File items scanned        : 273379
          File threats detected     : 1901

          Adware.MyWebSearch/FunWebProducts
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
             HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc
             ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH118.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/2.BIN/F3PSSAVR.SCR
             C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH118.ZIP
             ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH66.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/2.BIN/F3PSSAVR.SCR
             C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH66.ZIP

          Adware.Gamevance
             C:\Program Files\PLAY PICKLE\ars.cfg
             C:\Program Files\PLAY PICKLE\icon.ico
             C:\Program Files\PLAY PICKLE
             C:\Program Files\Gamevance Games\ars.cfg
             C:\Program Files\Gamevance Games

          Adware.Tracking Cookie
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@questionmarket[2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@tribalfusion[1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@statcounter[2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@247realmedia[2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@clicksor[2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@histats[1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@advertising[2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@citygridmedia[2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@cherrysearch[1].txt [ Cookie:[email protected]/click/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/pagead/conversion/977140604/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@localfindstuff[1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@micklemedia[2].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@come-find[1].txt [ Cookie:[email protected]/click/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@perfectsearchengines[1].txt [ Cookie:[email protected]/click/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@adtech[1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\system@findology[1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\[email protected][1].txt [ Cookie:[email protected]/ ]
             cdn.insights.gravity.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S28KVEUR ]
             macromedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S28KVEUR ]
             s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\S28KVEUR ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adinterax.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adinterax.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .inspiremediagrouponline.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .inspiremediagrouponline.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .fastclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .fastclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .mediabrandsww.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .solvemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .solvemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             www.burstbeacon.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ru4.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ads.react2media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ads.react2media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ads.react2media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .apmebf.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adxpose.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .anrtx.tacoda.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .fastclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .kontera.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .xiti.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .interclick.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             .eset.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NC4RSDUP.DEFAULT\COOKIES.SQLITE ]
             a.ads2.msads.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             a.media.abcfamily.go.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             acvs.mediaonenetwork.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             adbureau.net [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             adservr21.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             broadcast.piximedia.fr [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             cdn.complexmedianetwork.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             cdn.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             cdn.insights.gravity.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]
             cdn.media.abc.com [ C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\GLT868RE ]

          strangerinchi

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Win32 MB Rootkit from XP Antispyware Virus
            « Reply #5 on: December 14, 2011, 02:15:26 AM »
            Here is my MBAM log...no results from the full scan of C: and D: drives:


            =========================================================

            Malwarebytes' Anti-Malware 1.51.2.1300
            www.malwarebytes.org

            Database version: 8351

            Windows 5.1.2600 Service Pack 2 (Safe Mode)
            Internet Explorer 7.0.5730.13

            12/14/2011 3:13:50 AM
            mbam-log-2011-12-14 (03-13-50).txt

            Scan type: Full scan (C:\|D:\|)
            Objects scanned: 437967
            Time elapsed: 1 hour(s), 18 minute(s), 18 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            strangerinchi

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Win32 MB Rootkit from XP Antispyware Virus
              « Reply #6 on: December 14, 2011, 02:28:11 AM »
              DDS and ATTACH logs
              .
              DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
              Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 1.6.0_13
              Run by Compaq_Administrator at 3:20:52 on 2011-12-14
              Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1982.1221 [GMT -6:00]
              .
              AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
              .
              ============== Running Processes ===============
              .
              C:\WINDOWS\system32\svchost -k DcomLaunch
              svchost.exe
              C:\WINDOWS\system32\svchost.exe -k netsvcs
              svchost.exe
              svchost.exe
              C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
              C:\Program Files\AIM\aim.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\Mozilla Firefox\plugin-container.exe
              C:\Program Files\Mozilla Firefox\plugin-container.exe
              C:\Program Files\Windows Live\Messenger\msnmsgr.exe
              C:\Program Files\Windows Live\Contacts\wlcomm.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://home.sweetim.com
              uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
              uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
              uWindow Title = Windows Internet Explorer provided by Yahoo!
              uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
              uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
              uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
              mDefault_Page_URL = hxxp://www.yahoo.com
              mStart Page = hxxp://home.sweetim.com
              mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
              uInternet Settings,ProxyOverride = <local>;*.local
              uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
              mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
              uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
              uURLSearchHooks: H - No File
              uURLSearchHooks: H - No File
              uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
              uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
              uURLSearchHooks: H - No File
              uURLSearchHooks: H - No File
              uURLSearchHooks: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
              mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
              BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
              BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
              BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
              BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
              BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
              BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
              BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
              BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
              BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
              BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
              BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
              BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
              BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
              BHO: Shop to Win 4: {91917dc6-93b9-4e62-b2d6-d39c9618c418} - c:\program files\shop to win 4\ShoppingBHO.dll
              BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
              BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
              BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
              BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
              BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
              BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
              BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
              BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
              BHO: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
              BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
              BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
              TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
              TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
              TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
              TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
              TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
              TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
              TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
              TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
              TB: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmidi.dll
              TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
              EB: AT&&T Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
              uRun: [Google Update] "c:\documents and settings\compaq_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
              uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
              uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
              mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
              mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
              mRun: [RTHDCPL] RTHDCPL.EXE
              mRun: [QuickTime Task] "c:\program files\quicktime\qttask  .exe" -atboottime
              mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
              mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
              mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
              mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
              mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
              mRun: [pcsafedoctor.exe] c:\program files\pcsafedoctor\pcsafedoctor.exe
              StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\autoru~1\antima~1.lnk - c:\documents and settings\compaq_administrator\application data\dbf4505d2e0503b99dd8e1d3dbbbd72d\sorttp700.exe
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\Orbit.lnk -
              uPolicies-system: EnableProfileQuota = 1 (0x1)
              IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
              IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
              IE: &Search - ?s=100000343&p=ZKfox000&si=&a=IXJ3gQpP4lGqxluXrfxKog&n=2010040213
              IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
              IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
              IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
              IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
              IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
              IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
              IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
              IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
              IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
              IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
              LSP: mswsock.dll
              Trusted Zone: babynamescentral.com\www
              Trusted Zone: trymedia.com
              DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
              DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
              DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
              DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
              DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
              DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2474.cab
              DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
              DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
              DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
              DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
              DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
              DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
              TCP: DhcpNameServer = 192.168.1.254
              TCP: Interfaces\{5D534568-0898-4523-AE18-DE2497E58463} : DhcpNameServer = 192.168.1.254
              TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
              Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
              Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
              Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
              Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
              Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
              Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
              Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
              Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
              Notify: khfgebc - khfgebc.dll
              STS: tokatiluy: {8b565bf9-8198-495f-ba43-b3e6976c87cd} - c:\windows\system32\gebojele.dll
              SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
              LSA: Authentication Packages = msv1_0 c:\windows\system32\gebcd.dll
              LSA: Notification Packages = scecli o f o n o . d l l nilofono.dll
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\
              FF - prefs.js: browser.search.defaulturl -
              FF - prefs.js: browser.search.selectedEngine - Google
              FF - prefs.js: browser.startup.homepage - hxxp://aol.com
              FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
              FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
              FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
              FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
              FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\uqjfirve.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
              FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
              FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
              FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
              FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
              FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
              .
              ---- FIREFOX POLICIES ----
              FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
              FF - user.js: browser.sessionstore.resume_from_crash - false
              FF - user.js: extentions.y2layers.installId - d65cc208-117e-45b6-86db-0136932a65c1
              FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
              .
              ============= SERVICES / DRIVERS ===============
              .
              R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
              S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-12-12 28552]
              S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-11 435032]
              S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-11 314456]
              S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
              S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
              S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-9 14336]
              S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-11 20568]
              S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-11 44768]
              S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
              S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
              S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-10 1174664]
              S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
              S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2011-12-12 34736]
              S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
              .
              =============== Created Last 30 ================
              .
              2011-12-13 02:10:40   34736   ----a-w-   c:\windows\system32\drivers\RKHit.sys
              2011-12-13 01:52:30   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
              2011-12-13 01:52:17   --------   d-----w-   c:\windows\LastGood.Tmp
              2011-12-13 01:50:46   --------   d-----w-   c:\program files\Panda Security
              2011-12-12 07:08:04   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
              2011-12-12 05:03:43   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2011-12-11 20:32:27   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\AVG2012
              2011-12-11 20:26:12   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\AVG Secure Search
              2011-12-11 20:25:58   --------   d-----w-   c:\program files\common files\AVG Secure Search
              2011-12-11 20:25:51   --------   d-----w-   c:\program files\AVG Secure Search
              2011-12-11 20:25:39   --------   d--h--w-   c:\documents and settings\all users\application data\Common Files
              2011-12-11 20:23:40   --------   d-----w-   c:\windows\system32\drivers\AVG
              2011-12-11 20:23:40   --------   d-----w-   c:\documents and settings\all users\application data\AVG2012
              2011-12-11 20:22:47   --------   d-----w-   c:\program files\AVG
              2011-12-11 20:01:58   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
              2011-12-11 19:32:51   --------   d-----w-   C:\a39014efedd8604e4c25e763
              2011-12-11 19:06:14   --------   d-----w-   c:\program files\common files\PC Tools
              2011-12-11 19:03:04   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\TestApp
              2011-12-11 18:19:38   --------   d-----w-   c:\program files\Conduit
              2011-12-11 18:19:37   --------   d-----w-   c:\documents and settings\compaq_administrator\local settings\application data\midicairUSA
              2011-12-11 18:19:37   --------   d-----w-   c:\documents and settings\compaq_administrator\local settings\application data\Conduit
              2011-12-11 18:19:35   --------   d-----w-   c:\program files\midicairUSA
              2011-12-11 17:35:47   --------   d-----w-   c:\documents and settings\compaq_administrator\local settings\application data\NPE
              2011-12-11 17:35:47   --------   d-----w-   c:\documents and settings\all users\application data\Norton
              2011-12-11 13:32:26   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
              2011-12-11 13:10:52   154496   ----a-w-   c:\windows\system32\dllcache\icam4usb.sys
              2011-12-11 12:53:19   27648   ----a-w-   c:\windows\system32\dllcache\cyzports.dll
              2011-12-11 12:46:19   22044   ----a-w-   c:\windows\system32\dllcache\cem33n5.sys
              2011-12-11 11:45:13   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
              2011-12-11 11:44:59   41184   ----a-w-   c:\windows\avastSS.scr
              2011-12-11 11:44:47   --------   d-----w-   c:\program files\AVAST Software
              2011-12-11 11:44:47   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
              2011-12-11 09:03:38   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
              2011-12-11 09:03:37   --------   d-----w-   c:\program files\Hitman Pro 3.5
              2011-12-11 09:02:48   --------   d-----w-   c:\documents and settings\all users\application data\Hitman Pro
              2011-12-11 07:31:21   --------   d-----w-   c:\documents and settings\all users\application data\PC Tools
              2011-12-10 09:47:44   --------   d-----w-   c:\documents and settings\all users\application data\Tarma Installer
              2011-12-10 06:10:38   --------   d-----w-   c:\program files\common files\McAfee
              2011-12-04 16:46:11   --------   d-----w-   c:\windows\system32\wbem\repository\FS
              2011-12-04 16:46:11   --------   d-----w-   c:\windows\system32\wbem\Repository
              2011-12-04 16:45:35   --------   d-----w-   c:\documents and settings\compaq_administrator\local settings\application data\Solid State Networks
              2011-12-04 14:23:53   --------   d-----w-   c:\program files\McAfee
              2011-12-01 06:09:42   --------   d-----w-   c:\documents and settings\all users\application data\McAfee Security Scan
              2011-12-01 06:09:38   --------   d-----w-   c:\program files\McAfee Security Scan
              2011-11-16 07:36:33   --------   d-----w-   c:\documents and settings\compaq_administrator\application data\QuickScan
              2011-11-16 05:36:45   --------   d-----w-   c:\program files\ESET
              .
              ==================== Find3M  ====================
              .
              2011-10-07 12:23:48   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
              2011-10-04 12:21:42   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
              .
              ============= FINISH:  3:21:39.76 ===============

              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_2011-08-26.01)
              .
              Microsoft Windows XP Professional
              Boot Device: \Device\HarddiskVolume1
              Install Date: 7/5/2007 10:26:22 PM
              System Uptime: 12/14/2011 1:45:25 AM (2 hours ago)
              .
              Motherboard: ASUSTek Computer INC. |  | NAOS
              Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket AM2  | 2204/199mhz
              .
              ==== Disk Partitions =========================
              .
              C: is FIXED (NTFS) - 140 GiB total, 83.886 GiB free.
              D: is FIXED (FAT32) - 9 GiB total, 0.539 GiB free.
              .
              ==== Disabled Device Manager Items =============
              .
              Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
              Description: CD-ROM Drive
              Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
              Manufacturer: (Standard CD-ROM drives)
              Name: LITE-ON DVDRW SHM-165H6S
              PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SHM-165H6S________________HP10____\5&349AA4DF&0&0.0.0
              Service: cdrom
              .
              ==== System Restore Points ===================
              .
              No restore point in system.
              .
              ==== Installed Programs ======================
              .
              7-Zip 4.65
              Adobe AIR
              Adobe Community Help
              Adobe Flash Player 10 ActiveX
              Adobe Flash Player 10 Plugin
              Adobe InDesign CS5
              Adobe Media Player
              Adobe Reader 8.1.1
              AIM 7
              Aiprosoft iPod Touch Video Converter
              Akamai NetSession Interface
              Akamai NetSession Interface Service
              AOL Messaging Toolbar
              Apple Application Support
              Apple Mobile Device Support
              Apple Software Update
              Ask Toolbar
              AT&T Self Support Tool
              AT&T Yahoo! Applications
              Audacity 1.2.6
              avast! Free Antivirus
              AVG 2012
              Bonjour
              BroadJump Client Foundation
              BufferChm
              CA Yahoo! Anti-Spy (remove only)
              CCleaner (remove only)
              CCScore
              Compaq Connections (remove only)
              Compatibility Pack for the 2007 Office system
              CP_AtenaShokunin1Config
              CP_CalendarTemplates1
              cp_LightScribeConfig
              cp_OnlineProjectsConfig
              CP_Package_Basic1
              CP_Package_Variety1
              CP_Package_Variety2
              CP_Package_Variety3
              CP_Panorama1Config
              cp_PosterPrintConfig
              cp_UpdateProjectsConfig
              CueTour
              Customer Experience Enhancement
              Data Fax SoftModem with SmartCP
              Destinations
              DeviceManagementQFolder
              Dogpile Bundle Toolbar
              Download Updater (AOL LLC)
              Easy Internet Sign-up
              Entropia Universe
              ESET Online Scanner v3
              ESSBrwr
              ESSCDBK
              ESScore
              ESSgui
              ESSini
              ESSPCD
              ESSPDock
              ESSSONIC
              ESSTOOLS
              essvatgt
              Fast Browser Search for Firefox (My Web Tattoo)
              fflink
              FullDPAppQFolder
              GemMaster Mystic
              GIMP 2.6.8
              Google Chrome
              High Definition Audio Driver Package - KB888111
              Hitman Pro 3.5
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
              Hotfix for Windows Media Player 10 (KB903157)
              Hotfix for Windows XP (KB888795)
              Hotfix for Windows XP (KB891593)
              Hotfix for Windows XP (KB893357)
              Hotfix for Windows XP (KB895961)
              Hotfix for Windows XP (KB899337)
              Hotfix for Windows XP (KB899510)
              Hotfix for Windows XP (KB902841)
              Hotfix for Windows XP (KB906569)
              Hotfix for Windows XP (KB912024)
              Hotfix for Windows XP (KB915865)
              Hotfix for Windows XP (KB932716-v2)
              Hotfix for Windows XP (KB935448)
              Hotfix for Windows XP (KB945060-v3)
              Hotfix for Windows XP (KB952287)
              Hotfix for Windows XP (KB954550-v5)
              Hotfix for Windows XP (KB954708)
              Hotfix for Windows XP (KB961118)
              Hotfix for Windows XP (KB970653-v3)
              Hotfix for Windows XP (KB976098-v2)
              Hotfix for Windows XP (KB979306)
              Hotfix for Windows XP (KB981793)
              HP Boot Optimizer
              HP Deskjet 3840
              HP DVD Play 2.1
              HP Games 3.43.97
              HP Imaging Device Functions 7.0
              HP Photosmart Premier Software 6.5
              HP Support Overview
              HP Update
              HP Web Helper
              HPPhotoSmartExpress
              HpSdpAppCoreApp
              iDump (Backing up your iPod)
              ImageRescue3
              InstantShareDevices
              iTunes
              J2SE Runtime Environment 5.0 Update 6
              Java(TM) 6 Update 13
              Java(TM) 6 Update 2
              Junk Mail filter update
              kgcbaby
              kgcbase
              kgchday
              kgchlwn
              kgcinvt
              kgckids
              kgcmove
              kgcvday
              Kodak EasyShare software
              LightScribe  1.4.105.1
              LiveUpdate 3.2 (Symantec Corporation)
              LiveUpdate Notice (Symantec Corporation)
              Malwarebytes' Anti-Malware version 1.51.2.1300
              Manga Studio Debut 4.0
              McAfee Security Scan Plus
              McAfee SiteAdvisor
              Microsoft .NET Framework 1.0 Hotfix (KB887998)
              Microsoft .NET Framework 1.0 Hotfix (KB930494)
              Microsoft .NET Framework 1.0 Hotfix (KB953295)
              Microsoft .NET Framework 1.0 Hotfix (KB979904)
              Microsoft .NET Framework 1.1
              Microsoft .NET Framework 1.1 Security Update (KB979906)
              Microsoft .NET Framework 2.0 Service Pack 2
              Microsoft .NET Framework 3.0 Service Pack 2
              Microsoft .NET Framework 3.5 SP1
              Microsoft Application Error Reporting
              Microsoft Away Mode
              Microsoft Choice Guard
              Microsoft Internationalized Domain Names Mitigation APIs
              Microsoft Money 2006
              Microsoft National Language Support Downlevel APIs
              Microsoft Office Standard Edition 2003 60 days trial
              Microsoft Office XP Professional with FrontPage
              Microsoft Search Enhancement Pack
              Microsoft SQL Server 2005 Compact Edition [ENU]
              Microsoft Sync Framework Runtime Native v1.0 (x86)
              Microsoft Sync Framework Services Native v1.0 (x86)
              Microsoft VC9 runtime libraries
              Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
              Microsoft Visual C++ 2005 Redistributable
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
              Microsoft Works
              Microsoft_VC80_ATL_x86
              Microsoft_VC80_CRT_x86
              Microsoft_VC80_MFC_x86
              Microsoft_VC80_MFCLOC_x86
              Microsoft_VC90_ATL_x86
              Microsoft_VC90_CRT_x86
              Microsoft_VC90_MFC_x86
              midicairUSA Toolbar
              MobileMe Control Panel
              Mozilla Firefox 8.0.1 (x86 en-US)
              MSVCRT
              MSXML 4.0 SP2 (KB927978)
              MSXML 4.0 SP2 (KB936181)
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              MSXML 6 Service Pack 2 (KB973686)
              My HP Games
              MyIdentityDefender Toolbar (CyberDefender Corporation)
              netbrdg
              Netscape Browser (remove only)
              NTI Backup Now EZ
              NVIDIA Drivers
              Octoshape add-in for Adobe Flash Player
              OfotoXMI
              OptionalContentQFolder
              Orbit Downloader
              Otto
              Panda ActiveScan 2.0
              PC-Doctor 5 for Windows
              PC Fix Speed 1.0.0.0
              PCSafeDoctor
              PDF Settings CS5
              PhotoGallery
              Play Pickle
              Python 2.2 pywin32 extensions (build 203)
              Python 2.2.3
              Quicken 2006
              QuickTime
              RandMap
              RCA Detective™ 3.0.0.101
              RCA easyRip 2.4.6.0
              RCA Updater 2.0.0.0
              Realtek High Definition Audio Driver
              Rhapsody
              SecondLifeViewer2 (remove only)
              Security Update for Step By Step Interactive Training (KB923723)
              Security Update for Windows Internet Explorer 7 (KB938127-v2)
              Security Update for Windows Internet Explorer 7 (KB938127)
              Security Update for Windows Internet Explorer 7 (KB961260)
              Security Update for Windows Internet Explorer 7 (KB963027)
              Security Update for Windows Internet Explorer 7 (KB969897)
              Security Update for Windows Internet Explorer 7 (KB972260)
              Security Update for Windows Internet Explorer 7 (KB974455)
              Security Update for Windows Internet Explorer 7 (KB976325)
              Security Update for Windows Internet Explorer 7 (KB978207)
              Security Update for Windows Internet Explorer 7 (KB982381)
              Security Update for Windows Media Player (KB952069)
              Security Update for Windows Media Player (KB954155)
              Security Update for Windows Media Player (KB968816)
              Security Update for Windows Media Player (KB973540)
              Security Update for Windows Media Player (KB978695)
              Security Update for Windows Media Player 10 (KB911565)
              Security Update for Windows Media Player 10 (KB917734)
              Security Update for Windows Media Player 10 (KB936782)
              Security Update for Windows Media Player 6.4 (KB925398)
              Security Update for Windows XP (KB2229593)
              Security Update for Windows XP (KB890046)
              Security Update for Windows XP (KB893756)
              Security Update for Windows XP (KB896358)
              Security Update for Windows XP (KB896422)
              Security Update for Windows XP (KB896423)
              Security Update for Windows XP (KB896424)
              Security Update for Windows XP (KB896428)
              Security Update for Windows XP (KB899587)
              Security Update for Windows XP (KB899591)
              Security Update for Windows XP (KB900725)
              Security Update for Windows XP (KB901017)
              Security Update for Windows XP (KB901214)
              Security Update for Windows XP (KB902400)
              Security Update for Windows XP (KB904706)
              Security Update for Windows XP (KB905414)
              Security Update for Windows XP (KB905749)
              Security Update for Windows XP (KB908519)
              Security Update for Windows XP (KB908531)
              Security Update for Windows XP (KB911562)
              Security Update for Windows XP (KB911927)
              Security Update for Windows XP (KB912812)
              Security Update for Windows XP (KB912919)
              Security Update for Windows XP (KB913580)
              Security Update for Windows XP (KB914388)
              Security Update for Windows XP (KB914389)
              Security Update for Windows XP (KB917344)
              Security Update for Windows XP (KB917953)
              Security Update for Windows XP (KB918118)
              Security Update for Windows XP (KB918439)
              Security Update for Windows XP (KB919007)
              Security Update for Windows XP (KB920213)
              Security Update for Windows XP (KB920670)
              Security Update for Windows XP (KB920683)
              Security Update for Windows XP (KB920685)
              Security Update for Windows XP (KB921503)
              Security Update for Windows XP (KB922819)
              Security Update for Windows XP (KB923191)
              Security Update for Windows XP (KB923414)
              Security Update for Windows XP (KB923561)
              Security Update for Windows XP (KB923689)
              Security Update for Windows XP (KB923980)
              Security Update for Windows XP (KB924191)
              Security Update for Windows XP (KB924270)
              Security Update for Windows XP (KB924496)
              Security Update for Windows XP (KB924667)
              Security Update for Windows XP (KB925902)
              Security Update for Windows XP (KB926255)
              Security Update for Windows XP (KB926436)
              Security Update for Windows XP (KB927779)
              Security Update for Windows XP (KB927802)
              Security Update for Windows XP (KB928255)
              Security Update for Windows XP (KB928843)
              Security Update for Windows XP (KB929123)
              Security Update for Windows XP (KB929969)
              Security Update for Windows XP (KB930178)
              Security Update for Windows XP (KB931261)
              Security Update for Windows XP (KB931784)
              Security Update for Windows XP (KB932168)
              Security Update for Windows XP (KB933566)
              Security Update for Windows XP (KB933729)
              Security Update for Windows XP (KB935839)
              Security Update for Windows XP (KB935840)
              Security Update for Windows XP (KB936021)
              Security Update for Windows XP (KB937143)
              Security Update for Windows XP (KB937894)
              Security Update for Windows XP (KB938127)
              Security Update for Windows XP (KB938464)
              Security Update for Windows XP (KB938829)
              Security Update for Windows XP (KB939653)
              Security Update for Windows XP (KB941202)
              Security Update for Windows XP (KB941568)
              Security Update for Windows XP (KB941569)
              Security Update for Windows XP (KB941644)
              Security Update for Windows XP (KB941693)
              Security Update for Windows XP (KB942615)
              Security Update for Windows XP (KB943055)
              Security Update for Windows XP (KB943460)
              Security Update for Windows XP (KB943485)
              Security Update for Windows XP (KB944338)
              Security Update for Windows XP (KB944533)
              Security Update for Windows XP (KB944653)
              Security Update for Windows XP (KB945553)
              Security Update for Windows XP (KB946026)
              Security Update for Windows XP (KB946648)
              Security Update for Windows XP (KB947864)
              Security Update for Windows XP (KB948590)
              Security Update for Windows XP (KB948881)
              Security Update for Windows XP (KB950749)
              Security Update for Windows XP (KB950759)
              Security Update for Windows XP (KB950760)
              Security Update for Windows XP (KB950762)
              Security Update for Windows XP (KB950974)
              Security Update for Windows XP (KB951066)
              Security Update for Windows XP (KB951376-v2)
              Security Update for Windows XP (KB951376)
              Security Update for Windows XP (KB951698)
              Security Update for Windows XP (KB951748)
              Security Update for Windows XP (KB952004)
              Security Update for Windows XP (KB952954)
              Security Update for Windows XP (KB953838)
              Security Update for Windows XP (KB953839)
              Security Update for Windows XP (KB954211)
              Security Update for Windows XP (KB954600)
              Security Update for Windows XP (KB955069)
              Security Update for Windows XP (KB956390)
              Security Update for Windows XP (KB956391)
              Security Update for Windows XP (KB956572)
              Security Update for Windows XP (KB956802)
              Security Update for Windows XP (KB956803)
              Security Update for Windows XP (KB956841)
              Security Update for Windows XP (KB956844)
              Security Update for Windows XP (KB957095)
              Security Update for Windows XP (KB957097)
              Security Update for Windows XP (KB958215)
              Security Update for Windows XP (KB958470)
              Security Update for Windows XP (KB958644)
              Security Update for Windows XP (KB958687)
              Security Update for Windows XP (KB958690)
              Security Update for Windows XP (KB958869)
              Security Update for Windows XP (KB959426)
              Security Update for Windows XP (KB960225)
              Security Update for Windows XP (KB960714)
              Security Update for Windows XP (KB960715)
              Security Update for Windows XP (KB960803)
              Security Update for Windows XP (KB960859)
              Security Update for Windows XP (KB961371)
              Security Update for Windows XP (KB961373)
              Security Update for Windows XP (KB961501)
              Security Update for Windows XP (KB968537)
              Security Update for Windows XP (KB969059)
              Security Update for Windows XP (KB969898)
              Security Update for Windows XP (KB969947)
              Security Update for Windows XP (KB970238)
              Security Update for Windows XP (KB970430)
              Security Update for Windows XP (KB971032)
              Security Update for Windows XP (KB971468)
              Security Update for Windows XP (KB971486)
              Security Update for Windows XP (KB971557)
              Security Update for Windows XP (KB971633)
              Security Update for Windows XP (KB971657)
              Security Update for Windows XP (KB971961)
              Security Update for Windows XP (KB972270)
              Security Update for Windows XP (KB973346)
              Security Update for Windows XP (KB973354)
              Security Update for Windows XP (KB973507)
              Security Update for Windows XP (KB973525)
              Security Update for Windows XP (KB973869)
              Security Update for Windows XP (KB973904)
              Security Update for Windows XP (KB974112)
              Security Update for Windows XP (KB974318)
              Security Update for Windows XP (KB974392)
              Security Update for Windows XP (KB974571)
              Security Update for Windows XP (KB975025)
              Security Update for Windows XP (KB975467)
              Security Update for Windows XP (KB975560)
              Security Update for Windows XP (KB975561)
              Security Update for Windows XP (KB975562)
              Security Update for Windows XP (KB975713)
              Security Update for Windows XP (KB977816)
              Security Update for Windows XP (KB977914)
              Security Update for Windows XP (KB978037)
              Security Update for Windows XP (KB978262)
              Security Update for Windows XP (KB978338)
              Security Update for Windows XP (KB978542)
              Security Update for Windows XP (KB978601)
              Security Update for Windows XP (KB978706)
              Security Update for Windows XP (KB979309)
              Security Update for Windows XP (KB979482)
              Security Update for Windows XP (KB979559)
              Security Update for Windows XP (KB979683)
              Security Update for Windows XP (KB980195)
              Security Update for Windows XP (KB980218)
              Security Update for Windows XP (KB980232)
              Security Update for Windows XP (KB981349)
              Segoe UI
              SFR
              SHASTA
              Shop to Win 4
              skin0001
              SkinsHP1
              SKINXSDK
              Skype Click to Call
              Skype™ 5.5
              SlideShow
              SlideShowMusic
              Sonic Express Labeler
              Sonic MyDVD Plus
              Sonic RecordNow Audio
              Sonic RecordNow Copy
              Sonic RecordNow Data
              Sonic Update Manager
              Sonic_PrimoSDK
              Spybot - Search & Destroy
              staticcr
              SUPERAntiSpyware
              Symantec KB-DocID:2003093015493306
              The Rosetta Stone
              The Weather Channel Desktop 6
              Unity Web Player
              Unload
              Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
              Update for Windows Internet Explorer 7 (KB976749)
              Update for Windows Internet Explorer 7 (KB980182)
              Update for Windows Media Format SDK (KB902344)
              Update for Windows Media Player 10 (KB913800)
              Update for Windows Media Player 10 (KB926251)
              Update for Windows XP (KB898461)
              Update for Windows XP (KB900485)
              Update for Windows XP (KB910437)
              Update for Windows XP (KB911280)
              Update for Windows XP (KB912945)
              Update for Windows XP (KB916595)
              Update for Windows XP (KB920872)
              Update for Windows XP (KB922582)
              Update for Windows XP (KB925720)
              Update for Windows XP (KB927891)
              Update for Windows XP (KB930916)
              Update for Windows XP (KB931836)
              Update for Windows XP (KB933360)
              Update for Windows XP (KB938828)
              Update for Windows XP (KB942763)
              Update for Windows XP (KB942840)
              Update for Windows XP (KB946627)
              Update for Windows XP (KB951072-v2)
              Update for Windows XP (KB953356)
              Update for Windows XP (KB955759)
              Update for Windows XP (KB955839)
              Update for Windows XP (KB961503)
              Update for Windows XP (KB967715)
              Update for Windows XP (KB968389)
              Update for Windows XP (KB971737)
              Update for Windows XP (KB973687)
              Update for Windows XP (KB973815)
              Update Rollup 2 for Windows XP Media Center Edition 2005
              VideoSpirit Pro 1.72
              VoiceOver Kit
              VPRINTOL
              WeatherBug
              WebFldrs XP
              Windows Genuine Advantage Notifications (KB905474)
              Windows Genuine Advantage Validation Tool (KB892130)
              Windows Imaging Component
              Windows Installer 3.1 (KB893803)
              Windows Internet Explorer 7
              Windows Live Call
              Windows Live Communications Platform
              Windows Live Essentials
              Windows Live Mail
              Windows Live Messenger
              Windows Live OneCare safety scanner
              Windows Live Photo Gallery
              Windows Live Sign-in Assistant
              Windows Live Sync
              Windows Live Toolbar
              Windows Live Upload Tool
              Windows Live Writer
              Windows Media Format Runtime
              Windows Media Player Firefox Plugin
              Windows XP Hotfix - KB873339
              Windows XP Hotfix - KB883667
              Windows XP Hotfix - KB885250
              Windows XP Hotfix - KB885835
              Windows XP Hotfix - KB885836
              Windows XP Hotfix - KB885884
              Windows XP Hotfix - KB886185
              Windows XP Hotfix - KB887472
              Windows XP Hotfix - KB887742
              Windows XP Hotfix - KB888113
              Windows XP Hotfix - KB888302
              Windows XP Hotfix - KB890175
              Windows XP Hotfix - KB890859
              Windows XP Hotfix - KB891781
              Windows XP Hotfix - KB892050
              Windows XP Hotfix - KB893066
              Windows XP Media Center Edition 2005 KB2502898
              Windows XP Media Center Edition 2005 KB908246
              Windows XP Media Center Edition 2005 KB912067
              Windows XP Media Center Edition 2005 KB973768
              WIRELESS
              Xvid 1.2.1 final uninstall
              Yahoo! Search Protection
              Yahoo! Search Suggest Add-on for IE7
              Yahoo! Software Update
              Yontoo 1.10.02
              Zoosk Messenger
              .
              ==== Event Viewer Messages From Past Week ========
              .
              12/9/2011 9:01:00 AM, error: Schedule [7901]  - The At10.job command failed to start due to the following error:  %%2147942402
              12/9/2011 8:01:00 AM, error: Schedule [7901]  - The At9.job command failed to start due to the following error:  %%2147942402
              12/9/2011 7:01:00 AM, error: Schedule [7901]  - The At8.job command failed to start due to the following error:  %%2147942402
              12/9/2011 6:01:00 AM, error: Schedule [7901]  - The At7.job command failed to start due to the following error:  %%2147942402
              12/9/2011 5:01:00 AM, error: Schedule [7901]  - The At6.job command failed to start due to the following error:  %%2147942402
              12/9/2011 4:01:00 AM, error: Schedule [7901]  - The At5.job command failed to start due to the following error:  %%2147942402
              12/9/2011 3:01:00 AM, error: Schedule [7901]  - The At4.job command failed to start due to the following error:  %%2147942402
              12/9/2011 2:01:00 AM, error: Schedule [7901]  - The At3.job command failed to start due to the following error:  %%2147942402
              12/9/2011 12:01:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942402
              12/9/2011 11:01:00 AM, error: Schedule [7901]  - The At12.job command failed to start due to the following error:  %%2147942402
              12/9/2011 10:01:00 AM, error: Schedule [7901]  - The At11.job command failed to start due to the following error:  %%2147942402
              12/9/2011 1:01:00 AM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  %%2147942402
              12/8/2011 9:01:00 PM, error: Schedule [7901]  - The At22.job command failed to start due to the following error:  %%2147942402
              12/8/2011 8:01:00 PM, error: Schedule [7901]  - The At21.job command failed to start due to the following error:  %%2147942402
              12/8/2011 7:01:00 PM, error: Schedule [7901]  - The At20.job command failed to start due to the following error:  %%2147942402
              12/8/2011 6:00:59 PM, error: Schedule [7901]  - The At19.job command failed to start due to the following error:  %%2147942402
              12/8/2011 5:01:00 PM, error: Schedule [7901]  - The At18.job command failed to start due to the following error:  %%2147942402
              12/8/2011 4:01:00 PM, error: Schedule [7901]  - The At17.job command failed to start due to the following error:  %%2147942402
              12/8/2011 3:01:00 PM, error: Schedule [7901]  - The At16.job command failed to start due to the following error:  %%2147942402
              12/8/2011 2:01:00 PM, error: Schedule [7901]  - The At15.job command failed to start due to the following error:  %%2147942402
              12/8/2011 12:01:00 PM, error: Schedule [7901]  - The At13.job command failed to start due to the following error:  %%2147942402
              12/8/2011 11:01:00 PM, error: Schedule [7901]  - The At24.job command failed to start due to the following error:  %%2147942402
              12/8/2011 10:01:00 PM, error: Schedule [7901]  - The At23.job command failed to start due to the following error:  %%2147942402
              12/8/2011 1:01:00 PM, error: Schedule [7901]  - The At14.job command failed to start due to the following error:  %%2147942402
              12/13/2011 9:29:46 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips SASDIFSV SASKUTIL
              12/13/2011 6:51:52 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
              12/11/2011 8:50:18 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
              12/11/2011 8:13:53 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
              12/11/2011 6:04:06 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
              12/11/2011 5:45:06 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
              12/11/2011 5:21:33 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
              12/11/2011 3:39:22 AM, error: Service Control Manager [7034]  - The PC Tools Security Service service terminated unexpectedly.  It has done this 1 time(s).
              12/11/2011 2:49:01 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 Fips
              12/11/2011 2:42:35 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AmdK8 aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Fips
              12/11/2011 12:14:38 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
              12/11/2011 12:13:25 AM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
              12/11/2011 12:11:33 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips
              12/11/2011 12:03:45 AM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  This operation returned because the timeout period expired.
              12/11/2011 12:00:26 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
              12/11/2011 12:00:17 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AmdK8 aswSP aswTdi Fips
              12/11/2011 11:58:29 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IntelIde IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip ViaIde
              12/11/2011 11:55:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the NTI BackupNowEZSvr service to connect.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7000]  - The Windows Image Acquisition (WIA) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7000]  - The Symantec Core LC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7000]  - The SSDP Discovery Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7000]  - The SeaPort service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7000]  - The NVIDIA Display Driver Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              12/11/2011 11:55:30 AM, error: Service Control Manager [7000]  - The NTI BackupNowEZSvr service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              12/11/2011 1:46:16 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde ViaIde
              12/10/2011 11:58:53 PM, error: NetBT [4311]  - Initialization failed because the driver device could not be created.
              12/10/2011 11:50:29 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AFD AmdK8 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
              12/10/2011 11:50:29 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
              12/10/2011 11:50:29 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              12/10/2011 11:50:29 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              12/10/2011 11:50:29 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
              12/10/2011 11:50:29 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              12/10/2011 11:50:29 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              12/10/2011 11:49:51 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
              12/10/2011 11:49:42 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
              12/10/2011 11:49:35 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
              12/10/2011 11:47:21 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
              .
              ==== End Of File ===========================
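The Event Viewer section of the log above carries two numeric statuses that are never decoded in the post. As an added example (not part of the original post and not output of the DDS tool), this Python sketch parses lines in that format, resolves `%%2147942402` and `%1084` to their Win32 error names, and tallies the drivers named in the 7026 events; the function names and report layout are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Win32 error names for the two codes that occur in the log above.
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",  # service cannot be started in Safe Mode
}

# "<date> <time> AM|PM, <level>: <source> [<event id>]  - <message>"
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+- (?P<message>.*)$"
)
AT_JOB_RE = re.compile(r"The (At\d+\.job) command failed to start .*%%(\d+)\s*$")
DCOM_RE = re.compile(
    r'DCOM got error "%(\d+)" attempting to start the service (.+?) with arguments'
)
DRIVERS_RE = re.compile(r"driver\(s\) failed to load:\s+(.*)$")

# Sample lines copied from the Event Viewer section of the log above.
SAMPLE = '''\
12/9/2011 9:01:00 AM, error: Schedule [7901]  - The At10.job command failed to start due to the following error:  %%2147942402
12/9/2011 8:01:00 AM, error: Schedule [7901]  - The At9.job command failed to start due to the following error:  %%2147942402
12/8/2011 6:00:59 PM, error: Schedule [7901]  - The At19.job command failed to start due to the following error:  %%2147942402
12/13/2011 6:51:52 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/11/2011 2:49:01 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 Fips
12/11/2011 8:13:53 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
'''


def win32_from_status(value):
    """Unwrap an HRESULT built from a Win32 error (failure bit set, facility 7).

    Plain Win32 codes such as 1084 are returned unchanged.
    """
    is_failure = value & 0x80000000
    facility = (value >> 16) & 0x1FFF
    if is_failure and facility == 7:
        return value & 0xFFFF
    return value


def describe(code):
    """Map a Win32 code to its symbolic name, or mark it as not in the table."""
    return WIN32_NAMES.get(code, "unknown (%d)" % code)


def triage(log_text):
    """Summarise failed At jobs, DCOM start failures and drivers that did not load."""
    report = {"at_jobs": {}, "dcom": {}, "drivers": Counter(), "unparsed": 0}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if not m:
            report["unparsed"] += 1
            continue
        event_id = int(m.group("event_id"))
        source, msg = m.group("source"), m.group("message")
        if source == "Schedule" and event_id == 7901:
            job = AT_JOB_RE.search(msg)
            if job:
                code = win32_from_status(int(job.group(2)))
                report["at_jobs"].setdefault(job.group(1), set()).add(describe(code))
        elif source == "DCOM" and event_id == 10005:
            dcom = DCOM_RE.search(msg)
            if dcom:
                report["dcom"][dcom.group(2)] = describe(int(dcom.group(1)))
        elif source == "Service Control Manager" and event_id == 7026:
            drivers = DRIVERS_RE.search(msg)
            if drivers:
                report["drivers"].update(drivers.group(1).split())
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    for job, errors in sorted(result["at_jobs"].items()):
        print(job, "->", ", ".join(sorted(errors)))
    for service, error in result["dcom"].items():
        print("DCOM could not start", service, "->", error)
    for driver, count in result["drivers"].most_common():
        print(driver, "failed to load in", count, "boot(s)")
```
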

              SuperDave

              Re: Win32 MB Rootkit from XP Antispyware Virus
              « Reply #7 on: December 14, 2011, 12:13:39 PM »
              I strongly recommend that you remove Ask from your computer because it:

              •Promotes its toolbars on sites targeted to kids.

              •Promotes its toolbars through ads that appear to be part of other companies' sites.

              •Promotes its toolbars through other companies' spyware.

              •Installs without any disclosure whatsoever and without any consent whatsoever.

              •Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

              •Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

              See Here for more info.

              If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

              AskBarDis or anything related to Ask

              Then please find and delete this folder in bold (if present):
              C:\Program Files\AskBarDis. or anything related to Ask.
              ********************************************************
              Update Your Java (JRE)

              Old versions of Java have vulnerabilities that malware can use to infect your system.


              First Verify your Java Version

              If there are any other version(s) installed then update now.

              Get the new version (if needed)

              If your version is out of date install the newest version of the Sun Java Runtime Environment.

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close ALL open web browsers before starting the installation.

              Remove any old versions

              1. Download JavaRa and unzip the file to your Desktop.
              2. Open JavaRA.exe and choose Remove Older Versions
              3. Once complete exit JavaRA.

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
              ***************************************************
              Download OTL to your desktop.

              * Open OTL
              * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

              Code:
              :OTL

              uURLSearchHooks: H - No File
              uURLSearchHooks: H - No File
              uURLSearchHooks: Yahoo! Toolbar:
              uURLSearchHooks: H - No File
              uURLSearchHooks: H - No File
              Trusted Zone: babynamescentral.com\www
              Trusted Zone: trymedia.com

              :COMMANDS
              [resethosts]
              [purity]
              [start explorer]

              * Click Run Fix
              * OTLI2 may ask to reboot the machine. Please do so if asked.
              * Click OK
              * A report will open. Copy and Paste that report in your next reply.
              ***********************************************************
              Please download ComboFix from BleepingComputer.com

              Alternate link: GeeksToGo.com

              and save it to your Desktop.
              It would be easiest to download using Internet Explorer.
              If you want to use Firefox, make sure that your download settings are as follows:

              * Tools->Options->Main tab
              * Set to "Always ask me where to Save the files".

              Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
              Double click ComboFix.exe & follow the prompts.
              As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
              Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

              Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


              Click on Yes, to continue scanning for malware.
              When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

              If you have problems with ComboFix usage, see How to use ComboFix

              strangerinchi

                Re: Win32 MB Rootkit from XP Antispyware Virus
                « Reply #8 on: December 14, 2011, 01:18:36 PM »
                Hi, again! Here is the OTL log:


                ========== OTL ==========
                ========== COMMANDS ==========
                HOSTS file reset successfully
                 
                OTL by OldTimer - Version 3.2.31.0 log created on 12142011_141618

                strangerinchi

                  Re: Win32 MB Rootkit from XP Antispyware Virus
                  « Reply #9 on: December 14, 2011, 01:19:43 PM »
                  Java got rid of all the older versions but mentioned a file was missing and then closed.
                  Moving on to downloading Combofix.exe.

                  strangerinchi

                    Re: ComboFIX fixed the problem
                    « Reply #10 on: December 14, 2011, 02:26:24 PM »
                     ;D ;D  8)


                    Woww!! I think my system is no longer infected! And I noticed while scanning ComboFix told me there was a rootkit in the TCP/IP and if there were problems with the internet to run the program again, and I forgot to mention that when I was infected, I had ping.exe popping up a lot in task manager processes! Anyway, here is the ComboFix log. Everything is running smoothly! I appreciate your help so much, SuperDave!!! =DDDDDD <333

                    ComboFix 11-12-13.03 - Compaq_Administrator 12/14/2011  14:55:05.1.1 - x86
                    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1982.1584 [GMT -6:00]
                    Running from: c:\documents and settings\Compaq_Administrator\My Documents\Downloads\ComboFix.exe
                    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\documents and settings\Administrator\WINDOWS
                    c:\documents and settings\All Users\Application Data\Tarma Installer
                    c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
                    c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
                    c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
                    c:\documents and settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
                    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
                    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
                    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
                    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
                    c:\documents and settings\All Users\Application Data\TEMP
                    c:\documents and settings\Compaq_Administrator\Application Data\Adobe\plugs
                    c:\documents and settings\Compaq_Administrator\Application Data\Adobe\shed
                    c:\documents and settings\Compaq_Administrator\My Documents\iexplore.exe
                    c:\documents and settings\Compaq_Administrator\Recent\Thumbs.db
                    c:\documents and settings\Compaq_Administrator\WINDOWS
                    c:\documents and settings\Default User\WINDOWS
                    c:\program files\Blinkx
                    c:\program files\Blinkx\templates\index.html
                    c:\program files\Blinkx\templates\noflash.html
                    c:\program files\Blinkx\templates\offline.html
                    c:\program files\Blinkx\templates\offline.swf
                    c:\program files\Shop to Win 4\ShOPpingbho.dll
                    c:\windows\$NtUninstallKB62280$
                    c:\windows\$NtUninstallKB62280$\2941417489
                    c:\windows\$NtUninstallKB62280$\485945278\@
                    c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
                    c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
                    c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
                    c:\windows\$NtUninstallKB62280$\485945278\keywords
                    c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
                    c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
                    c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
                    c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
                    c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
                    c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
                    c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
                    c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
                    c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
                    c:\windows\CSC\d6
                    c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
                    c:\windows\kb913800.exe
                    c:\windows\system32\config\systemprofile\WINDOWS
                    c:\windows\system32\drivers\RKHit.sys
                    c:\windows\system32\vMW02a
                    D:\Autorun.inf
                    .
                    c:\windows\system32\proquota.exe was missing
                    Restored copy from - c:\windows\system32\dllcache\proquota.exe
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    -------\Legacy_RKHIT
                    -------\Service_RkHit
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2011-11-14 to 2011-12-14  )))))))))))))))))))))))))))))))
                    .
                    .
                    2011-12-14 21:07 . 2004-08-09 21:00   50176   ----a-w-   c:\windows\system32\proquota.exe
                    2011-12-14 21:07 . 2004-08-09 21:00   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
                    2011-12-14 20:16 . 2011-12-14 20:16   --------   d-----w-   C:\_OTL
                    2011-12-13 01:52 . 2009-06-30 16:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
                    2011-12-13 01:50 . 2011-12-13 01:50   --------   d-----w-   c:\program files\Panda Security
                    2011-12-12 07:08 . 2011-12-12 07:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                    2011-12-11 20:32 . 2011-12-11 20:32   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG2012
                    2011-12-11 20:26 . 2011-12-11 20:26   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG Secure Search
                    2011-12-11 20:25 . 2011-12-11 20:25   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
                    2011-12-11 20:25 . 2011-12-11 20:26   --------   d-----w-   c:\program files\AVG Secure Search
                    2011-12-11 20:25 . 2011-12-11 20:25   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
                    2011-12-11 20:23 . 2011-12-11 20:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG2012
                    2011-12-11 20:23 . 2011-12-11 20:24   --------   d-----w-   c:\windows\system32\drivers\AVG
                    2011-12-11 20:22 . 2011-12-11 20:22   --------   d-----w-   c:\program files\AVG
                    2011-12-11 20:01 . 2011-12-11 20:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
                    2011-12-11 19:32 . 2011-12-11 19:34   --------   d-----w-   C:\a39014efedd8604e4c25e763
                    2011-12-11 19:06 . 2011-12-11 20:33   --------   d-----w-   c:\program files\Common Files\PC Tools
                    2011-12-11 19:03 . 2011-12-11 19:03   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\TestApp
                    2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\program files\Conduit
                    2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Conduit
                    2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\midicairUSA
                    2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\program files\midicairUSA
                    2011-12-11 17:35 . 2011-12-11 17:42   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\NPE
                    2011-12-11 17:35 . 2011-12-11 17:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
                    2011-12-11 13:10 . 2001-08-17 20:06   154496   ----a-w-   c:\windows\system32\dllcache\icam4usb.sys
                    2011-12-11 12:53 . 2001-08-18 04:36   27648   ----a-w-   c:\windows\system32\dllcache\cyzports.dll
                    2011-12-11 12:46 . 2001-08-17 18:13   22044   ----a-w-   c:\windows\system32\dllcache\cem33n5.sys
                    2011-12-11 11:44 . 2011-12-14 20:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
                    2011-12-11 11:44 . 2011-12-11 11:44   --------   d-----w-   c:\program files\AVAST Software
                    2011-12-11 09:03 . 2011-12-12 03:10   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
                    2011-12-11 09:03 . 2011-12-11 09:03   --------   d-----w-   c:\program files\Hitman Pro 3.5
                    2011-12-11 09:02 . 2011-12-11 09:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
                    2011-12-11 07:31 . 2011-12-11 11:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
                    2011-12-10 06:10 . 2011-12-10 06:10   --------   d-----w-   c:\program files\Common Files\McAfee
                    2011-12-04 16:46 . 2011-12-04 16:46   --------   d-----w-   c:\windows\system32\wbem\Repository
                    2011-12-04 16:45 . 2011-12-04 16:45   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Solid State Networks
                    2011-12-04 14:23 . 2011-12-04 14:23   --------   d-----w-   c:\program files\McAfee
                    2011-12-03 06:11 . 2011-12-03 06:11   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
                    2011-12-01 06:09 . 2011-12-04 14:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
                    2011-12-01 06:09 . 2011-12-01 06:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee Security Scan
                    2011-12-01 06:09 . 2011-12-04 18:03   --------   d-----w-   c:\program files\McAfee Security Scan
                    2011-11-16 07:36 . 2011-12-11 20:54   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\QuickScan
                    2011-11-16 05:36 . 2011-11-16 05:36   --------   d-----w-   c:\program files\ESET
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2011-10-07 12:23 . 2011-10-07 12:23   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
                    2011-10-04 12:21 . 2011-10-04 12:21   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
                    2011-11-27 04:06 . 2011-05-07 00:15   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                    .
                    <pre>
                    c:\program files\Common Files\Adobe\Updater5\AdobeUpdater .exe
                    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
                    c:\windows\system32\RunDll32 .exe
                    </pre>
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                    "{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-05-08 357376]
                    "{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
                    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
                    [HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
                    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
                    .
                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
                    2011-12-11 20:25   1451336   ----a-w-   c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
                    .
                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
                    2011-05-08 19:54   1543168   ----a-w-   c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
                    .
                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3902028-4a21-4793-8e05-793e183d51c2}]
                    2011-05-09 08:49   176936   ----a-w-   c:\program files\midicairUSA\prxtbmidi.dll
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                    "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
                    "{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
                    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-12-11 1451336]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
                    [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
                    [HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
                    [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
                    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
                    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
                    .
                    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                    "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
                    .
                    [HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
                    [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
                    [HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
                    [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "QuickTime Task"="c:\program files\QuickTime\qttask  .exe -atboottime" [X]
                    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
                    "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
                    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [N/A]
                    .
                    c:\documents and settings\Default User\Start Menu\Programs\Startup\
                    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-11-10 27136]
                    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-11-10 27136]
                    .
                    c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\AutorunsDisabled
                    Antimalware Doctor.lnk - c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
                    .
                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                    2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgebc]
                    khfgebc.dll [BU]
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                    @=""
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
                    backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
                    backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
                    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
                    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
                    backup=c:\windows\pss\Orbit.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WhiteSmoke Translator.lnk]
                    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk
                    backup=c:\windows\pss\WhiteSmoke Translator.lnkCommon Startup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Free Music Zilla.lnk]
                    path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Free Music Zilla.lnk
                    backup=c:\windows\pss\Free Music Zilla.lnkStartup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^RCA Detective.lnk]
                    path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk
                    backup=c:\windows\pss\RCA Detective.lnkStartup
                    .
                    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^ZooskMessenger.lnk]
                    path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ZooskMessenger.lnk
                    backup=c:\windows\pss\ZooskMessenger.lnkStartup
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
                    2010-03-06 09:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
                    2010-02-22 10:57   406992   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
                    c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
                    2011-05-03 15:43   4321112   ----a-w-   c:\program files\AIM\aim.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
                    c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus AntiSpyware 2011]
                    c:\documents and settings\Compaq_Administrator\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                    2009-08-13 21:51   177440   -c--a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
                    c:\program files\AVAST Software\Avast\avastUI.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
                    c:\progra~1\ALWILS~1\Avast5\avastUI.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
                    c:\progra~1\Grisoft\AVG7\avgcc.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
                    2011-10-25 02:29   2415456   ----a-w-   c:\program files\AVG\AVG2012\avgtray.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
                    2009-09-19 13:04   562944   ----a-w-   c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
                    c:\program files\BitComet\BitComet.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClickPotatoLiteSA]
                    c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
                    2007-10-31 02:57   1095256   ----a-w-   c:\program files\DISC\DISCover.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
                    2011-06-08 15:45   822456   ----a-w-   c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-Set 2011]
                    c:\program files\E-Set 2011\e-set.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
                    2005-08-05 21:56   64512   ----a-w-   c:\windows\ehome\ehtray.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frlhavwk]
                    c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qdmnov\pklssftav.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fxvjhtup]
                    c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\tpnwfbyar\kxyxqcgtssd.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance]
                    c:\program files\Gamevance Games\gamevance32.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
                    2011-05-18 19:00   136176   ----atw-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
                    2011-12-11 09:00   6480192   ----a-w-   c:\program files\Hitman Pro 3.5\HitmanPro35.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
                    2003-12-22 13:38   241664   -c--a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                    2007-05-08 21:24   54840   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
                    2006-02-15 23:34   249856   -c--a-w-   c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
                    2004-03-04 15:46   172032   -c--a-w-   c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICS5R7Y0OS]
                    c:\windows\Fqugac.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jahovosuz]
                    c:\windows\system32\gebojele.dll [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
                    2005-08-24 12:51   442455   -c--a-w-   c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                    2004-10-13 16:24   1694208   ----a-w-   c:\program files\Messenger\msmsgs.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                    2010-04-17 04:12   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
                    c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
                    c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                    c:\windows\system32\NvCpl.dll [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
                    c:\windows\nvsvc32.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                    2006-05-09 15:50   1519616   -c--a-w-   c:\windows\system32\nwiz.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCFixSpeed]
                    2011-02-11 08:10   312440   ----a-w-   c:\program files\PCFixSpeed\PCFixTray.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsafedoctor.exe]
                    2011-11-01 22:22   2052608   ----a-w-   c:\program files\PCSafeDoctor\pcsafedoctor.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Play Pickle]
                    c:\program files\Play Pickle\playpickle32.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qowhgiom]
                    c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\ftssqe\oqicsftav.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                    c:\program files\QuickTime\qttask.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\R8388QA8U8]
                    c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Fpt.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                    2005-07-22 23:14   237568   -c--a-w-   c:\windows\SMINST\Recguard.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
                    c:\program files\Yahoo!\Search Protection\SearchProtection.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                    2011-10-13 14:27   17351304   ----a-r-   c:\program files\Skype\Phone\Skype.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sorttp700.exe]
                    c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
                    2009-03-05 22:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                    2009-04-26 07:35   148888   -c--a-w-   c:\program files\Java\jre6\bin\jusched.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
                    2011-11-07 18:04   4617600   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
                    2010-02-19 19:37   517096   -c--a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysfbtray]
                    c:\windows\freddy67.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
                    c:\windows\sysguard.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                    c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vgkjwjqs]
                    c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfljrr\habvsftav.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
                    2011-12-11 20:25   218464   ----a-w-   c:\program files\AVG Secure Search\vprot.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
                    2006-07-21 21:19   129536   -c--a-w-   c:\progra~1\Yahoo!\browser\ybrwicon.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
                    c:\program files\Yahoo!\Search Protection\SearchProtection.exe [N/A]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                    "RSVP"=3 (0x3)
                    "fioo32"=2 (0x2)
                    .
                    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
                    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
                    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
                    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
                    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
                    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                    "c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
                    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                    "c:\\Program Files\\iTunes\\iTunes.exe"=
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "65533:TCP"= 65533:TCP:Services
                    "52344:TCP"= 52344:TCP:Services
                    "2479:TCP"= 2479:TCP:Services
                    "2155:TCP"= 2155:TCP:Services
                    "1044:TCP"= 1044:TCP:Akamai NetSession Interface
                    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
                    .
                    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/12/2011 7:52 PM 28552]
                    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
                    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
                    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
                    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 3:00 PM 14336]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    Akamai   REG_MULTI_SZ      Akamai
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2011-12-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-BOPEEP-Compaq_Administrator.job
                    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-04 09:44]
                    .
                    2011-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
                    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
                    .
                    2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007Core.job
                    - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
                    .
                    2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007UA.job
                    - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://home.sweetim.com
                    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
                    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
                    mStart Page = hxxp://home.sweetim.com
                    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
                    uInternet Settings,ProxyOverride = <local>;*.local
                    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
                    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
                    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
                    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
                    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
                    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
                    Trusted Zone: babynamescentral.com\www
                    Trusted Zone: trymedia.com
                    TCP: DhcpNameServer = 192.168.1.254
                    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
                    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                    FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\uqjfirve.default\
                    FF - prefs.js: browser.search.defaulturl -
                    FF - prefs.js: browser.search.selectedEngine - Google
                    FF - prefs.js: browser.startup.homepage - hxxp://aol.com
                    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
                    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
                    FF - user.js: browser.sessionstore.resume_from_crash - false
                    FF - user.js: extentions.y2layers.installId - d65cc208-117e-45b6-86db-0136932a65c1
                    FF - user.js: extentions.y2layers.defaultEnableAppsLi st - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
                    .
                    - - - - ORPHANS REMOVED - - - -
                    .
                    URLSearchHooks-~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
                    URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo\YontooIEClient.dll
                    SharedTaskScheduler-{8b565bf9-8198-495f-ba43-b3e6976c87cd} - c:\windows\system32\gebojele.dll
                    AddRemove-Play Pickle - c:\program files\Play Pickle\ppun.exe
                    AddRemove-Shop to Win 4 - c:\program files\Shop to Win 4\Uninst.exe
                    AddRemove-Yahoo! Search Defender - c:\progra~1\Yahoo!\SEARCH~1\UNINST~1.EXE
                    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
                    .
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2011-12-14 15:15
                    Windows 5.1.2600 Service Pack 2 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    .
                    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
                    "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------
                    .
                    - - - - - - - > 'winlogon.exe'(704)
                    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                    c:\windows\system32\WININET.dll
                    .
                    - - - - - - - > 'explorer.exe'(3152)
                    c:\windows\system32\WININET.dll
                    c:\windows\system32\ieframe.dll
                    .
                    ------------------------ Other Running Processes ------------------------
                    .
                    c:\windows\system32\rundll32.exe
                    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                    c:\windows\RTHDCPL.EXE
                    c:\windows\arservice.exe
                    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                    c:\program files\Bonjour\mDNSResponder.exe
                    c:\windows\eHome\ehRecvr.exe
                    c:\windows\eHome\ehSched.exe
                    c:\program files\Java\jre6\bin\jqs.exe
                    c:\program files\Common Files\LightScribe\LSSrvc.exe
                    c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
                    c:\windows\system32\nvsvc32.exe
                    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                    c:\windows\ehome\mcrdsvc.exe
                    c:\windows\system32\dllhost.exe
                    c:\windows\system32\wscntfy.exe
                    c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                    c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
                    .
                    **************************************************************************
                    .
                    Completion time: 2011-12-14  15:20:49 - machine was rebooted
                    ComboFix-quarantined-files.txt  2011-12-14 21:20
                    ComboFix2.txt  2008-11-16 16:58
                    .
                    Pre-Run: 91,253,227,520 bytes free
                    Post-Run: 91,475,607,552 bytes free
                    .
                    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                    [boot loader]
                    timeout=2
                    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                    [operating systems]
                    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                    UnsupportedDebug="do not select this" /debug
                    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /bootlog
                    .
                    - - End Of File - - 6626F8A2533F0FFD411C801D32AA40B0

                    strangerinchi

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: Win32 MB Rootkit from XP Antispyware Virus
                      « Reply #11 on: December 14, 2011, 03:38:38 PM »
                       :o

                      UPDATE: XP AntiSpyware software reappeared on pc 20 mins after Combofix finished!
                      I went back to safe mode and identified the file as oyo.exe masquerading as "Windows Music application file", and it was created today and I sent it to Recycle Bin. Now I am having problems opening programs as it will show the "Open As.." box instead of going to the direct program. Currently in safe mode redownloading SpyBot and gonna see if I can scan with it.

                      SuperDave

                      • Malware Removal Specialist


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: Win32 MB Rootkit from XP Antispyware Virus
                      « Reply #12 on: December 14, 2011, 05:09:27 PM »
                      Quote
                      Currently in safe mode redownloading SpyBot and gonna see if I can scan with it.
                      Please do not run any other programs unless I ask you to do so.

                      Please download SREng
                      • Extract it to Desktop and double click SREngLdr.EXE to run it
                      • Select System Repair from the left pane.
                      • Click on File Association
                      • Select all entries that have an Error status and click [Repair]
                      • Refer to this image for an example:

                      • In your case, it would be .EXE
                      • Close SREng now.

                      ComboFix is installed in the wrong location. Please uninstall/delete it and download a new version to your desktop and run another scan and post the log. There's something I need to fix.
                      Windows 8 and Windows 10 dual boot with two SSD's
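
The repair step in the reply above resets the .EXE file association. As an added example (not part of the original post and not SREng's own code), this Python script audits a text registry export for the same condition: `.exe` must resolve to the `exefile` ProgID, and that ProgID's open command must be `"%1" %*`. It assumes a REGEDIT4-style export saved as text; both sample exports, the ProgID `xyz` and the file name `rogue.exe` are constructed placeholders.

```python
import re

# Windows builds HKEY_CLASSES_ROOT by merging these subtrees; per-user entries win.
CLASS_ROOTS = (
    r"HKEY_CURRENT_USER\Software\Classes",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    r"HKEY_CLASSES_ROOT",
)
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'  # stock default value of exefile\shell\open\command

# Constructed sample: a clean machine-wide association.
CLEAN_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed sample: the same export plus a per-user override of .exe
# (placeholder ProgID "xyz", placeholder binary "rogue.exe").
HIJACKED_EXPORT = CLEAN_EXPORT + r'''
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"

[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\rogue.exe\" -a \"%1\" %*"
'''


def parse_reg_defaults(text):
    """Map each key (lower-cased) in a .reg export to (key, default @ value)."""
    defaults, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and len(line) >= 4 and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslashes and quotes inside string values
            defaults[key.lower()] = (key, re.sub(r"\\(.)", r"\1", line[3:-1]))
    return defaults


def effective_default(defaults, subkey):
    """Return (key, value) from the first root that defines subkey, else (None, None)."""
    for root in CLASS_ROOTS:
        hit = defaults.get((root + "\\" + subkey).lower())
        if hit:
            return hit
    return None, None


def audit_exe_association(text):
    """Return (key, found, expected) for each deviation from the stock .exe handler."""
    defaults = parse_reg_defaults(text)
    findings = []

    # Step 1: which ProgID does .exe point at once per-user overrides are applied?
    key, progid = effective_default(defaults, ".exe")
    if progid is None or progid.lower() != EXPECTED_PROGID:
        findings.append((key or ".exe", progid, EXPECTED_PROGID))

    # Step 2: what does that ProgID actually launch?
    handler = progid or EXPECTED_PROGID
    subkey = handler + r"\shell\open\command"
    key, command = effective_default(defaults, subkey)
    if command != EXPECTED_COMMAND:
        findings.append((key or subkey, command, EXPECTED_COMMAND))
    return findings


if __name__ == "__main__":
    for name, export in (("clean", CLEAN_EXPORT), ("hijacked", HIJACKED_EXPORT)):
        results = audit_exe_association(export)
        print(name, "->", "OK" if not results else "")
        for key, found, expected in results:
            print(f"  {key}\n    found:    {found!r}\n    expected: {expected!r}")
```

A missing value is reported with `found` set to `None`, which covers the case where the handler was deleted but the association still points at it.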

                      strangerinchi

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Unknown
                        Re: Win32 MB Rootkit from XP Antispyware Virus
                        « Reply #13 on: December 15, 2011, 10:05:06 AM »
                         ???

                        UPDATE: Hi, again! Running ComboFix screen and it has said "Combofix is preparing to run" for more than 10 minutes now and hasn't gone past that. Is that normal, cuz last time it was much faster.

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Win32 MB Rootkit from XP Antispyware Virus
                        « Reply #14 on: December 15, 2011, 12:29:21 PM »
                        Please try this. Delete ComboFix from your desktop.

                        Please download ComboFix from BleepingComputer.com

                        Alternate link: GeeksToGo.com

                        Alternate link: Forospyware.com
                        If you are using Firefox, make sure that your download settings are as follows:

                        * Tools->Options->Main tab
                        * Set to "Always ask me where to Save the files".

                        Rename ComboFix.exe to commy.exe before you save it to your Desktop
                        • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
                        • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
                        • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
                        • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


                        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                        • Click on Yes, to continue scanning for malware.
                        • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
                        Windows 8 and Windows 10 dual boot with two SSD's

                        strangerinchi

                          Topic Starter


                          Rookie

                          • Experience: Beginner
                          • OS: Unknown
                          Re: Win32 MB Rootkit from XP Antispyware Virus
                          « Reply #15 on: December 15, 2011, 02:48:03 PM »
                           :D Update: Ran ComboFix. And like last time it told me ZeroAccess rootkit was on the system. And as I watched it I noticed it deleting a file "_ex-68.exe" from the Temp folder, a suspicious file I saw pop up on the Task Manager process list and ended the process a few times, before re-running ComboFix. Also wanted to note that prior to rerunning ComboFix, downloading to desktop and naming it "commy.exe" as you said, I would go back and forth between Safe and Regular mode and every time, when I went back to Regular mode, it was always the way I left it and it never froze upon start-up, just had the browser hijacking and popups and browser crashes and laggings, and that was about it.
                          All seems to be running smoothly as the time I was virus-free, at the moment, will continue to monitor, here is the combo fix log. =]]



                          ComboFix 11-12-15.02 - Compaq_Administrator 12/15/2011  15:18:27.2.1 - x86
                          Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1982.1600 [GMT -6:00]
                          Running from: c:\documents and settings\Compaq_Administrator\Desktop\commy.exe
                          .
                          .
                          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          c:\documents and settings\Compaq_Administrator\Application Data\Caotd
                          c:\documents and settings\Compaq_Administrator\Application Data\Caotd\higy.exe
                          c:\documents and settings\Compaq_Administrator\Recent\Thumbs.db
                          c:\windows\$NtUninstallKB62280$
                          c:\windows\$NtUninstallKB62280$\1434328181
                          c:\windows\$NtUninstallKB62280$\485945278\@
                          c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
                          c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
                          c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
                          c:\windows\$NtUninstallKB62280$\485945278\keywords
                          c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
                          c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
                          c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
                          c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
                          c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
                          c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
                          c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
                          c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
                          c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
                          c:\windows\CSC\d6
                          c:\windows\system32\drivers\npf.sys
                          c:\windows\system32\Packet.dll
                          c:\windows\system32\wpcap.dll
                          c:\windows\Temp\_ex-68.exe
                          .
                          Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
                          Restored copy from - The cat found it :)
                          .
                          (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          -------\Legacy_NPF
                          -------\Service_NPF
                          .
                          .
                          (((((((((((((((((((((((((   Files Created from 2011-11-15 to 2011-12-15  )))))))))))))))))))))))))))))))
                          .
                          .
                          2011-12-15 21:15 . 2010-02-24 12:31   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                          2011-12-15 16:14 . 2011-12-15 18:07   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\Avdu
                          2011-12-14 21:07 . 2004-08-09 21:00   50176   ----a-w-   c:\windows\system32\proquota.exe
                          2011-12-14 21:07 . 2004-08-09 21:00   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
                          2011-12-14 20:16 . 2011-12-14 20:16   --------   d-----w-   C:\_OTL
                          2011-12-13 01:52 . 2009-06-30 16:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
                          2011-12-13 01:50 . 2011-12-13 01:50   --------   d-----w-   c:\program files\Panda Security
                          2011-12-12 07:08 . 2011-12-12 07:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                          2011-12-11 20:32 . 2011-12-11 20:32   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG2012
                          2011-12-11 20:26 . 2011-12-11 20:26   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG Secure Search
                          2011-12-11 20:25 . 2011-12-11 20:25   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
                          2011-12-11 20:25 . 2011-12-11 20:26   --------   d-----w-   c:\program files\AVG Secure Search
                          2011-12-11 20:25 . 2011-12-11 20:25   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
                          2011-12-11 20:23 . 2011-12-11 20:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG2012
                          2011-12-11 20:23 . 2011-12-11 20:24   --------   d-----w-   c:\windows\system32\drivers\AVG
                          2011-12-11 20:22 . 2011-12-11 20:22   --------   d-----w-   c:\program files\AVG
                          2011-12-11 20:01 . 2011-12-11 20:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
                          2011-12-11 19:32 . 2011-12-11 19:34   --------   d-----w-   C:\a39014efedd8604e4c25e763
                          2011-12-11 19:06 . 2011-12-11 20:33   --------   d-----w-   c:\program files\Common Files\PC Tools
                          2011-12-11 19:03 . 2011-12-11 19:03   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\TestApp
                          2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\program files\Conduit
                          2011-12-11 18:19 . 2011-12-15 02:12   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\midicairUSA
                          2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Conduit
                          2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\program files\midicairUSA
                          2011-12-11 17:35 . 2011-12-11 17:42   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\NPE
                          2011-12-11 17:35 . 2011-12-11 17:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
                          2011-12-11 13:10 . 2001-08-17 20:06   154496   ----a-w-   c:\windows\system32\dllcache\icam4usb.sys
                          2011-12-11 12:53 . 2001-08-18 04:36   27648   ----a-w-   c:\windows\system32\dllcache\cyzports.dll
                          2011-12-11 12:46 . 2001-08-17 18:13   22044   ----a-w-   c:\windows\system32\dllcache\cem33n5.sys
                          2011-12-11 11:44 . 2011-12-14 20:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
                          2011-12-11 11:44 . 2011-12-11 11:44   --------   d-----w-   c:\program files\AVAST Software
                          2011-12-11 09:03 . 2011-12-12 03:10   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
                          2011-12-11 09:03 . 2011-12-11 09:03   --------   d-----w-   c:\program files\Hitman Pro 3.5
                          2011-12-11 09:02 . 2011-12-11 09:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
                          2011-12-11 07:31 . 2011-12-11 11:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
                          2011-12-10 06:10 . 2011-12-10 06:10   --------   d-----w-   c:\program files\Common Files\McAfee
                          2011-12-04 16:46 . 2011-12-04 16:46   --------   d-----w-   c:\windows\system32\wbem\Repository
                          2011-12-04 16:45 . 2011-12-04 16:45   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Solid State Networks
                          2011-12-04 14:23 . 2011-12-04 14:23   --------   d-----w-   c:\program files\McAfee
                          2011-12-03 06:11 . 2011-12-03 06:11   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
                          2011-12-01 06:09 . 2011-12-04 14:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
                          2011-12-01 06:09 . 2011-12-01 06:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee Security Scan
                          2011-12-01 06:09 . 2011-12-04 18:03   --------   d-----w-   c:\program files\McAfee Security Scan
                          2011-11-16 07:36 . 2011-12-11 20:54   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\QuickScan
                          2011-11-16 05:36 . 2011-11-16 05:36   --------   d-----w-   c:\program files\ESET
                          .
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2011-10-07 12:23 . 2011-10-07 12:23   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
                          2011-10-04 12:21 . 2011-10-04 12:21   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
                          2011-11-27 04:06 . 2011-05-07 00:15   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                          .
                          <pre>
                          c:\program files\Common Files\Adobe\Updater5\AdobeUpdater .exe
                          c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
                          c:\program files\iTunes\iTunesHelper .exe
                          c:\windows\system32\RunDll32 .exe
                          </pre>
                          .
                          (((((((((((((((((((((((((((((   SnapShot@2011-12-14_21.15.27   )))))))))))))))))))))))))))))))))))))))))
                          .
                          + 2011-12-15 21:34 . 2011-12-15 21:34   16384              c:\windows\temp\Perflib_Perfdata_784.dat
                          + 2011-12-15 21:34 . 2011-12-15 21:34   16384              c:\windows\temp\Perflib_Perfdata_668.dat
                          .
                          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          *Note* empty entries & legit default entries are not shown
                          REGEDIT4
                          .
                          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                          "{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-05-08 357376]
                          "{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
                          .
                          [HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
                          [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
                          [HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
                          [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
                          .
                          [HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
                          .
                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
                          2011-12-11 20:25   1451336   ----a-w-   c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
                          .
                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
                          2011-05-08 19:54   1543168   ----a-w-   c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
                          .
                          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3902028-4a21-4793-8e05-793e183d51c2}]
                          2011-05-09 08:49   176936   ----a-w-   c:\program files\midicairUSA\prxtbmidi.dll
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                          "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
                          "{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
                          "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-12-11 1451336]
                          .
                          [HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
                          [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
                          [HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
                          [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
                          .
                          [HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
                          .
                          [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
                          [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
                          [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
                          .
                          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                          "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
                          "{F3902028-4A21-4793-8E05-793E183D51C2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
                          .
                          [HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
                          [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
                          [HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
                          [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
                          .
                          [HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
                          .
                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "{A830B3A0-7E01-AD7C-8227-6CA295624FB0}"="c:\documents and settings\Compaq_Administrator\Application Data\Caotd\higy.exe" [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "QuickTime Task"="c:\program files\QuickTime\qttask  .exe -atboottime" [X]
                          "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
                          "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
                          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [N/A]
                          .
                          c:\documents and settings\Default User\Start Menu\Programs\Startup\
                          ifaje.exe [2011-12-15 194560]
                          Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-11-10 27136]
                          PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-11-10 27136]
                          .
                          c:\documents and settings\Administrator\Start Menu\Programs\Startup\
                          ujqi.exe [2011-12-15 194560]
                          .
                          c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\AutorunsDisabled
                          Antimalware Doctor.lnk - c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
                          .
                          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                          2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgebc]
                          khfgebc.dll [BU]
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
                          @="Service"
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                          @=""
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
                          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
                          backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
                          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
                          backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
                          backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
                          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
                          backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
                          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
                          backup=c:\windows\pss\Orbit.lnkCommon Startup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WhiteSmoke Translator.lnk]
                          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk
                          backup=c:\windows\pss\WhiteSmoke Translator.lnkCommon Startup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Free Music Zilla.lnk]
                          path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Free Music Zilla.lnk
                          backup=c:\windows\pss\Free Music Zilla.lnkStartup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^RCA Detective.lnk]
                          path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk
                          backup=c:\windows\pss\RCA Detective.lnkStartup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^ZooskMessenger.lnk]
                          path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ZooskMessenger.lnk
                          backup=c:\windows\pss\ZooskMessenger.lnkStartup
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
                          2010-03-06 09:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
                          2010-02-22 10:57   406992   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
                          c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
                          2011-05-03 15:43   4321112   ----a-w-   c:\program files\AIM\aim.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
                          c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus AntiSpyware 2011]
                          c:\documents and settings\Compaq_Administrator\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                          2009-08-13 21:51   177440   -c--a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
                          c:\program files\AVAST Software\Avast\avastUI.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
                          c:\progra~1\ALWILS~1\Avast5\avastUI.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
                          c:\progra~1\Grisoft\AVG7\avgcc.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
                          2011-10-25 02:29   2415456   ----a-w-   c:\program files\AVG\AVG2012\avgtray.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
                          2009-09-19 13:04   562944   ----a-w-   c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
                          c:\program files\BitComet\BitComet.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClickPotatoLiteSA]
                          c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
                          2007-10-31 02:57   1095256   ----a-w-   c:\program files\DISC\DISCover.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
                          2011-06-08 15:45   822456   ----a-w-   c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-Set 2011]
                          c:\program files\E-Set 2011\e-set.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
                          2005-08-05 21:56   64512   ----a-w-   c:\windows\ehome\ehtray.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frlhavwk]
                          c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qdmnov\pklssftav.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fxvjhtup]
                          c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\tpnwfbyar\kxyxqcgtssd.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance]
                          c:\program files\Gamevance Games\gamevance32.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
                          2011-05-18 19:00   136176   ----atw-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
                          2011-12-11 09:00   6480192   ----a-w-   c:\program files\Hitman Pro 3.5\HitmanPro35.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
                          2003-12-22 13:38   241664   -c--a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                          2007-05-08 21:24   54840   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
                          2006-02-15 23:34   249856   -c--a-w-   c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
                          2004-03-04 15:46   172032   -c--a-w-   c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICS5R7Y0OS]
                          c:\windows\Fqugac.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jahovosuz]
                          c:\windows\system32\gebojele.dll [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
                          2005-08-24 12:51   442455   -c--a-w-   c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                          2004-10-13 16:24   1694208   ----a-w-   c:\program files\Messenger\msmsgs.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                          2010-04-17 04:12   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
                          c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
                          c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
                          c:\windows\system32\NvCpl.dll [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
                          c:\windows\nvsvc32.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                          2006-05-09 15:50   1519616   -c--a-w-   c:\windows\system32\nwiz.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCFixSpeed]
                          2011-02-11 08:10   312440   ----a-w-   c:\program files\PCFixSpeed\PCFixTray.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsafedoctor.exe]
                          2011-11-01 22:22   2052608   ----a-w-   c:\program files\PCSafeDoctor\pcsafedoctor.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Play Pickle]
                          c:\program files\Play Pickle\playpickle32.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qowhgiom]
                          c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\ftssqe\oqicsftav.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                          c:\program files\QuickTime\qttask.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\R8388QA8U8]
                          c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Fpt.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                          2005-07-22 23:14   237568   -c--a-w-   c:\windows\SMINST\Recguard.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
                          c:\program files\Yahoo!\Search Protection\SearchProtection.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                          2011-10-13 14:27   17351304   ----a-r-   c:\program files\Skype\Phone\Skype.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sorttp700.exe]
                          c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
                          2009-03-05 22:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                          2009-04-26 07:35   148888   -c--a-w-   c:\program files\Java\jre6\bin\jusched.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
                          2011-11-07 18:04   4617600   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
                          2010-02-19 19:37   517096   -c--a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysfbtray]
                          c:\windows\freddy67.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
                          c:\windows\sysguard.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                          c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vgkjwjqs]
                          c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfljrr\habvsftav.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
                          2011-12-11 20:25   218464   ----a-w-   c:\program files\AVG Secure Search\vprot.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
                          2006-07-21 21:19   129536   -c--a-w-   c:\progra~1\Yahoo!\browser\ybrwicon.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
                          c:\program files\Yahoo!\Search Protection\SearchProtection.exe [N/A]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                          "RSVP"=3 (0x3)
                          "fioo32"=2 (0x2)
                          .
                          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
                          "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                          "DisableMonitoring"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                          "DisableMonitoring"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                          "DisableMonitoring"=dword:00000001
                          .
                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                          "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                          "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
                          "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
                          "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                          "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
                          "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
                          "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                          "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                          "c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
                          "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                          "c:\\Program Files\\iTunes\\iTunes.exe"=
                          .
                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                          "65533:TCP"= 65533:TCP:Services
                          "52344:TCP"= 52344:TCP:Services
                          "2479:TCP"= 2479:TCP:Services
                          "2155:TCP"= 2155:TCP:Services
                          "1044:TCP"= 1044:TCP:Akamai NetSession Interface
                          "5000:UDP"= 5000:UDP:Akamai NetSession Interface
                          "10432:UDP"= 10432:UDP:UDP 10432
                          "23624:TCP"= 23624:TCP:TCP 23624
                          .
                          R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/12/2011 7:52 PM 28552]
                          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
                          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
                          R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
                          R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 3:00 PM 14336]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                          Akamai   REG_MULTI_SZ      Akamai
                          .
                          Contents of the 'Scheduled Tasks' folder
                          .
                          2011-12-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-BOPEEP-Compaq_Administrator.job
                          - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-04 09:44]
                          .
                          2011-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
                          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
                          .
                          2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007Core.job
                          - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
                          .
                          2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007UA.job
                          - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
                          .
                          .
                          ------- Supplementary Scan -------
                          .
                          uStart Page = hxxp://home.sweetim.com
                          uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
                          uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
                          mStart Page = hxxp://home.sweetim.com
                          mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
                          uInternet Settings,ProxyOverride = <local>;*.local
                          uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
                          IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
                          IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
                          IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
                          IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
                          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
                          Trusted Zone: babynamescentral.com\www
                          Trusted Zone: trymedia.com
                          Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
                          DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                          FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\uqjfirve.default\
                          FF - prefs.js: browser.search.defaulturl -
                          FF - prefs.js: browser.search.selectedEngine - Yahoo
                          FF - prefs.js: browser.startup.homepage - hxxp://aol.com
                          FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
                          FF - user.js: network.cookie.cookieBehavior - 0
                          FF - user.js: privacy.clearOnShutdown.cookies - false
                          FF - user.js: security.warn_viewing_mixed - false
                          FF - user.js: security.warn_viewing_mixed.show_once - false
                          FF - user.js: security.warn_submit_insecure - false
                          FF - user.js: security.warn_submit_insecure.show_once - false
                          .
                          - - - - ORPHANS REMOVED - - - -
                          .
                          WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
                          AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
                          .
                          .
                          .
                          **************************************************************************
                          .
                          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2011-12-15 15:35
                          Windows 5.1.2600 Service Pack 2 NTFS
                          .
                          scanning hidden processes ... 
                          .
                          scanning hidden autostart entries ...
                          .
                          scanning hidden files ... 
                          .
                          scan completed successfully
                          hidden files: 0
                          .
                          **************************************************************************
                          .
                          [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
                          "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
                          .
                          --------------------- DLLs Loaded Under Running Processes ---------------------
                          .
                          - - - - - - - > 'winlogon.exe'(724)
                          c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                          c:\windows\system32\WININET.dll
                          c:\windows\system32\msacm32.drv
                          .
                          - - - - - - - > 'explorer.exe'(3992)
                          c:\windows\system32\WININET.dll
                          c:\windows\system32\ieframe.dll
                          .
                          ------------------------ Other Running Processes ------------------------
                          .
                          c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                          c:\windows\arservice.exe
                          c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          c:\program files\Bonjour\mDNSResponder.exe
                          c:\windows\eHome\ehRecvr.exe
                          c:\windows\eHome\ehSched.exe
                          c:\program files\Java\jre6\bin\jqs.exe
                          c:\program files\Common Files\LightScribe\LSSrvc.exe
                          c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
                          c:\windows\system32\nvsvc32.exe
                          c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                          c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                          c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                          c:\windows\ehome\mcrdsvc.exe
                          c:\windows\system32\dllhost.exe
                          c:\windows\system32\wscntfy.exe
                          c:\windows\ARPWRMSG.EXE
                          c:\windows\RTHDCPL.EXE
                          c:\windows\system32\taskmgr.exe
                          .
                          **************************************************************************
                          .
                          Completion time: 2011-12-15  15:38:41 - machine was rebooted
                          ComboFix-quarantined-files.txt  2011-12-15 21:38
                          ComboFix2.txt  2011-12-14 21:20
                          ComboFix3.txt  2008-11-16 16:58
                          .
                          Pre-Run: 91,037,110,272 bytes free
                          Post-Run: 91,356,209,152 bytes free
                          .
                          - - End Of File - - 0D9AA94C56A499CA91BA03DC30DA4722

                          strangerinchi

                            Re: Win32 MB Rootkit from XP Antispyware Virus
                            « Reply #16 on: December 15, 2011, 03:23:55 PM »
                            UPDATE: :o Browsers are still crashing, and Automatic Update wants to run for some reason. Dr. Watson's Postmortem Debugger message came up about how it couldn't run, and MRT.exe was running in the processes for some reason. Otherwise, everything else seems OK.

                            SuperDave

                            Re: Win32 MB Rootkit from XP Antispyware Virus
                            « Reply #17 on: December 15, 2011, 07:44:30 PM »
                            Download Security Check by screen317 from one of the following links and save it to your desktop.

                            Link 1
                            Link 2

                            * Double-click Security Check.bat
                            * Follow the on-screen instructions inside of the black box.
                            * A Notepad document should open automatically called checkup.txt
                            * Post the contents of that document in your next reply.

                            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                            *******************************************************
                            Re-running ComboFix to remove infections:

                            • Close any open browsers.
                            • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                            • Open notepad and copy/paste the text in the quotebox below into it:
                              Quote
                              KillAll::

                              RenV::
                              c:\program files\Common Files\Adobe\Updater5\AdobeUpdater .exe
                              c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
                              c:\program files\iTunes\iTunesHelper .exe
                              c:\windows\system32\RunDll32 .exe

                              Firefox::
                              Trusted Zone: babynamescentral.com\www
                              Trusted Zone: trymedia.com

                            • Save this as CFScript.txt, in the same location as ComboFix.exe



                            • Referring to the picture above, drag CFScript into ComboFix.exe
                            • When finished, it shall produce a log for you at C:\ComboFix.txt
                            • Please post the contents of the log in your next reply.

                            strangerinchi

                              Re: Win32 MB Rootkit from XP Antispyware Virus
                              « Reply #18 on: December 16, 2011, 12:06:06 AM »
                              Here is the checkup.txt log you requested. =]]]]

                              ===================================================================

                               Results of screen317's Security Check version 0.99.28 
                               Windows XP Service Pack 2 x86   
                               Out of date service pack!!
                               Internet Explorer 7 Out of date!
                              ``````````````````````````````
                              Antivirus/Firewall Check:

                               Windows Firewall Enabled! 
                               AVG 2012     
                               ESET Online Scanner v3   
                               McAfee Security Scan Plus   
                               WMI entry may not exist for antivirus; attempting automatic update.
                              ```````````````````````````````
                              Anti-malware/Other Utilities Check:

                               Malwarebytes' Anti-Malware   
                               CCleaner (remove only)   
                               Java(TM) 6 Update 13 
                               Java(TM) 6 Update 2 
                               Java version out of date!
                                Adobe Flash Player (   10.0.32.18) Flash Player out of Date! 
                               Adobe Reader 8 Adobe Reader out of date!
                               Mozilla Firefox (8.0.1)
                              ````````````````````````````````
                              Process Check: 
                              objlist.exe by Laurent

                              ``````````End of Log````````````

                              strangerinchi

                                « Reply #19 on: December 16, 2011, 12:32:21 AM »
                                Here is the new ComboFix log =D

                                =====================================================================

                                ComboFix 11-12-15.02 - Compaq_Administrator 12/16/2011   1:13.3.1 - x86
                                Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1982.1677 [GMT -6:00]
                                Running from: c:\documents and settings\Compaq_Administrator\Desktop\commy.exe
                                Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt.txt
                                .
                                .
                                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                .
                                .
                                c:\documents and settings\Compaq_Administrator\Application Data\Caotd\higy.exe
                                .
                                .
                                (((((((((((((((((((((((((   Files Created from 2011-11-16 to 2011-12-16  )))))))))))))))))))))))))))))))
                                .
                                .
                                2011-12-15 22:05 . 2011-12-15 22:05   --------   d-----w-   c:\windows\LastGood.Tmp
                                2011-12-15 21:15 . 2010-02-24 12:31   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                                2011-12-15 16:14 . 2011-12-15 18:07   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\Avdu
                                2011-12-14 21:07 . 2004-08-09 21:00   50176   ----a-w-   c:\windows\system32\proquota.exe
                                2011-12-14 21:07 . 2004-08-09 21:00   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
                                2011-12-14 20:16 . 2011-12-14 20:16   --------   d-----w-   C:\_OTL
                                2011-12-13 01:52 . 2009-06-30 16:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
                                2011-12-13 01:50 . 2011-12-13 01:50   --------   d-----w-   c:\program files\Panda Security
                                2011-12-12 07:08 . 2011-12-12 07:08   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                                2011-12-11 20:32 . 2011-12-11 20:32   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG2012
                                2011-12-11 20:26 . 2011-12-11 20:26   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\AVG Secure Search
                                2011-12-11 20:25 . 2011-12-11 20:25   --------   d-----w-   c:\program files\Common Files\AVG Secure Search
                                2011-12-11 20:25 . 2011-12-11 20:26   --------   d-----w-   c:\program files\AVG Secure Search
                                2011-12-11 20:25 . 2011-12-11 20:25   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
                                2011-12-11 20:23 . 2011-12-11 20:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG2012
                                2011-12-11 20:23 . 2011-12-11 20:24   --------   d-----w-   c:\windows\system32\drivers\AVG
                                2011-12-11 20:22 . 2011-12-11 20:22   --------   d-----w-   c:\program files\AVG
                                2011-12-11 20:01 . 2011-12-11 20:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
                                2011-12-11 19:32 . 2011-12-11 19:34   --------   d-----w-   C:\a39014efedd8604e4c25e763
                                2011-12-11 19:06 . 2011-12-11 20:33   --------   d-----w-   c:\program files\Common Files\PC Tools
                                2011-12-11 19:03 . 2011-12-11 19:03   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\TestApp
                                2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\program files\Conduit
                                2011-12-11 18:19 . 2011-12-15 02:12   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\midicairUSA
                                2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Conduit
                                2011-12-11 18:19 . 2011-12-11 18:19   --------   d-----w-   c:\program files\midicairUSA
                                2011-12-11 17:35 . 2011-12-11 17:42   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\NPE
                                2011-12-11 17:35 . 2011-12-11 17:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
                                2011-12-11 13:10 . 2001-08-17 20:06   154496   ----a-w-   c:\windows\system32\dllcache\icam4usb.sys
                                2011-12-11 12:53 . 2001-08-18 04:36   27648   ----a-w-   c:\windows\system32\dllcache\cyzports.dll
                                2011-12-11 12:46 . 2001-08-17 18:13   22044   ----a-w-   c:\windows\system32\dllcache\cem33n5.sys
                                2011-12-11 11:44 . 2011-12-14 20:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
                                2011-12-11 11:44 . 2011-12-11 11:44   --------   d-----w-   c:\program files\AVAST Software
                                2011-12-11 09:03 . 2011-12-12 03:10   23624   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
                                2011-12-11 09:03 . 2011-12-11 09:03   --------   d-----w-   c:\program files\Hitman Pro 3.5
                                2011-12-11 09:02 . 2011-12-11 09:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
                                2011-12-11 07:31 . 2011-12-11 11:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
                                2011-12-10 06:10 . 2011-12-10 06:10   --------   d-----w-   c:\program files\Common Files\McAfee
                                2011-12-04 16:46 . 2011-12-04 16:46   --------   d-----w-   c:\windows\system32\wbem\Repository
                                2011-12-04 16:45 . 2011-12-04 16:45   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Solid State Networks
                                2011-12-04 14:23 . 2011-12-04 14:23   --------   d-----w-   c:\program files\McAfee
                                2011-12-03 06:11 . 2011-12-03 06:11   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
                                2011-12-01 06:09 . 2011-12-04 14:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
                                2011-12-01 06:09 . 2011-12-01 06:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee Security Scan
                                2011-12-01 06:09 . 2011-12-04 18:03   --------   d-----w-   c:\program files\McAfee Security Scan
                                2011-11-16 07:36 . 2011-12-11 20:54   --------   d-----w-   c:\documents and settings\Compaq_Administrator\Application Data\QuickScan
                                .
                                .
                                .
                                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                .
                                2011-10-14 23:38 . 2004-08-09 21:00   456192   ----a-w-   c:\windows\system32\encdec.dll
                                2011-10-07 12:23 . 2011-10-07 12:23   230608   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
                                2011-10-04 12:21 . 2011-10-04 12:21   16720   ----a-w-   c:\windows\system32\drivers\AVGIDSShim.sys
                                2011-11-27 04:06 . 2011-05-07 00:15   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                                .
                                .
                                (((((((((((((((((((((((((((((   SnapShot@2011-12-14_21.15.27   )))))))))))))))))))))))))))))))))))))))))
                                .
                                + 2011-12-16 07:25 . 2011-12-16 07:25   16384              c:\windows\temp\Perflib_Perfdata_50c.dat
                                + 2011-12-16 07:25 . 2011-12-16 07:25   16384              c:\windows\temp\Perflib_Perfdata_2b0.dat
                                - 2006-11-10 23:58 . 2010-12-21 15:36   26488              c:\windows\system32\spupdsvc.exe
                                + 2006-11-10 23:58 . 2010-12-21 17:36   26488              c:\windows\system32\spupdsvc.exe
                                + 2006-11-11 00:05 . 2010-12-21 17:36   17272              c:\windows\system32\spmsg.dll
                                - 2006-11-11 00:05 . 2010-12-21 15:36   17272              c:\windows\system32\spmsg.dll
                                - 2011-09-21 21:06 . 2011-09-21 21:06   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
                                + 2011-12-15 22:06 . 2011-12-15 22:06   38240              c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
                                - 2004-08-09 21:00 . 2011-02-04 22:48   456192              c:\windows\system32\dllcache\encdec.dll
                                + 2004-08-09 21:00 . 2011-10-14 23:38   456192              c:\windows\system32\dllcache\encdec.dll
                                + 2011-11-01 19:34 . 2011-11-01 19:34   1552384              c:\windows\Installer\19b371.msp
                                + 2011-11-01 19:34 . 2011-11-01 19:34   2531840              c:\windows\Installer\19b368.msp
                                + 2011-11-11 22:16 . 2011-11-11 22:16   8458240              c:\windows\Installer\19b35f.msp
                                + 2010-05-06 21:04 . 2011-12-15 22:03   52988224              c:\windows\system32\MRT.exe
                                .
                                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                .
                                .
                                *Note* empty entries & legit default entries are not shown
                                REGEDIT4
                                .
                                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                                "{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-05-08 357376]
                                "{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
                                .
                                [HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
                                [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
                                [HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
                                [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
                                .
                                [HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
                                .
                                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
                                2011-12-11 20:25   1451336   ----a-w-   c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
                                .
                                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
                                2011-05-08 19:54   1543168   ----a-w-   c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
                                .
                                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3902028-4a21-4793-8e05-793e183d51c2}]
                                2011-05-09 08:49   176936   ----a-w-   c:\program files\midicairUSA\prxtbmidi.dll
                                .
                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                                "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
                                "{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
                                "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-12-11 1451336]
                                .
                                [HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
                                [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
                                [HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
                                [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
                                .
                                [HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
                                .
                                [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
                                [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
                                [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
                                .
                                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                                "{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
                                "{F3902028-4A21-4793-8E05-793E183D51C2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
                                .
                                [HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
                                [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
                                [HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
                                [HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
                                .
                                [HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
                                .
                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                "QuickTime Task"="c:\program files\QuickTime\qttask  .exe -atboottime" [X]
                                "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
                                "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
                                .
                                c:\documents and settings\Default User\Start Menu\Programs\Startup\
                                ifaje.exe [2011-12-15 194560]
                                Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-11-10 27136]
                                PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-11-10 27136]
                                .
                                c:\documents and settings\Administrator\Start Menu\Programs\Startup\
                                ujqi.exe [2011-12-15 194560]
                                .
                                c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\AutorunsDisabled
                                Antimalware Doctor.lnk - c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
                                .
                                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgebc]
                                khfgebc.dll [BU]
                                .
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                                @=""
                                .
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
                                @="Service"
                                .
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
                                @=""
                                .
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                                @=""
                                .
                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                                @=""
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
                                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
                                backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
                                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
                                backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
                                backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
                                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
                                backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
                                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
                                backup=c:\windows\pss\Orbit.lnkCommon Startup
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WhiteSmoke Translator.lnk]
                                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk
                                backup=c:\windows\pss\WhiteSmoke Translator.lnkCommon Startup
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Free Music Zilla.lnk]
                                path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Free Music Zilla.lnk
                                backup=c:\windows\pss\Free Music Zilla.lnkStartup
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^RCA Detective.lnk]
                                path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk
                                backup=c:\windows\pss\RCA Detective.lnkStartup
                                .
                                [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^ZooskMessenger.lnk]
                                path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ZooskMessenger.lnk
                                backup=c:\windows\pss\ZooskMessenger.lnkStartup
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
                                2010-03-06 09:44   500208   ------w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
                                2010-02-22 10:57   406992   ----a-w-   c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
                                2010-08-09 20:19   2356088   ----a-w-   c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
                                2011-05-03 15:43   4321112   ----a-w-   c:\program files\AIM\aim.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                                2009-08-13 21:51   177440   -c--a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
                                2011-10-25 02:29   2415456   ----a-w-   c:\program files\AVG\AVG2012\avgtray.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
                                2009-09-19 13:04   562944   ----a-w-   c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
                                2007-10-31 02:57   1095256   ----a-w-   c:\program files\DISC\DISCover.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
                                2011-06-08 15:45   822456   ----a-w-   c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
                                2005-08-05 21:56   64512   ----a-w-   c:\windows\ehome\ehtray.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
                                2011-05-18 19:00   136176   ----atw-   c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
                                2011-12-11 09:00   6480192   ----a-w-   c:\program files\Hitman Pro 3.5\HitmanPro35.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
                                2003-12-22 13:38   241664   -c--a-w-   c:\program files\HP\hpcoretech\hpcmpmgr.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                                2007-05-08 21:24   54840   -c--a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
                                2006-02-15 23:34   249856   -c--a-w-   c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
                                2004-03-04 15:46   172032   -c--a-w-   c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
                                2005-08-24 12:51   442455   -c--a-w-   c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                                2004-10-13 16:24   1694208   ----a-w-   c:\program files\Messenger\msmsgs.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                                2010-04-17 04:12   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                                2006-05-09 15:50   1519616   -c--a-w-   c:\windows\system32\nwiz.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCFixSpeed]
                                2011-02-11 08:10   312440   ----a-w-   c:\program files\PCFixSpeed\PCFixTray.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsafedoctor.exe]
                                2011-11-01 22:22   2052608   ----a-w-   c:\program files\PCSafeDoctor\pcsafedoctor.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                                2005-07-22 23:14   237568   -c--a-w-   c:\windows\SMINST\Recguard.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                                2011-10-13 14:27   17351304   ----a-r-   c:\program files\Skype\Phone\Skype.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
                                2009-03-05 22:07   2260480   ------w-   c:\program files\Spybot - Search & Destroy\TeaTimer.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                                2009-04-26 07:35   148888   -c--a-w-   c:\program files\Java\jre6\bin\jusched.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
                                2011-11-07 18:04   4617600   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
                                2010-02-19 19:37   517096   -c--a-w-   c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
                                2011-12-11 20:25   218464   ----a-w-   c:\program files\AVG Secure Search\vprot.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
                                2006-07-21 21:19   129536   -c--a-w-   c:\progra~1\Yahoo!\browser\ybrwicon.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                                "RSVP"=3 (0x3)
                                "fioo32"=2 (0x2)
                                .
                                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
                                "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                                "DisableMonitoring"=dword:00000001
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                                "DisableMonitoring"=dword:00000001
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                                "DisableMonitoring"=dword:00000001
                                .
                                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                                "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
                                "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
                                "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                                "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
                                "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
                                "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                                "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                                "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
                                "c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
                                "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                "c:\\Program Files\\iTunes\\iTunes.exe"=
                                .
                                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                                "65533:TCP"= 65533:TCP:Services
                                "52344:TCP"= 52344:TCP:Services
                                "2479:TCP"= 2479:TCP:Services
                                "2155:TCP"= 2155:TCP:Services
                                "1044:TCP"= 1044:TCP:Akamai NetSession Interface
                                "5000:UDP"= 5000:UDP:Akamai NetSession Interface
                                "10432:UDP"= 10432:UDP:UDP 10432
                                "23624:TCP"= 23624:TCP:TCP 23624
                                .
                                R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/12/2011 7:52 PM 28552]
                                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
                                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
                                R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
                                R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 3:00 PM 14336]
                                .
                                --- Other Services/Drivers In Memory ---
                                .
                                *NewlyCreated* - EHRECVR
                                *NewlyCreated* - EHSCHED
                                .
                                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                                Akamai   REG_MULTI_SZ      Akamai
                                .
                                Contents of the 'Scheduled Tasks' folder
                                .
                                2011-12-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-BOPEEP-Compaq_Administrator.job
                                - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-04 09:44]
                                .
                                2011-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
                                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
                                .
                                2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007Core.job
                                - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
                                .
                                2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007UA.job
                                - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
                                .
                                .
                                ------- Supplementary Scan -------
                                .
                                uStart Page = hxxp://home.sweetim.com
                                uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
                                uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
                                mStart Page = hxxp://home.sweetim.com
                                mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
                                uInternet Settings,ProxyOverride = <local>;*.local
                                uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
                                IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
                                IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
                                IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
                                IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
                                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
                                Trusted Zone: babynamescentral.com\www
                                Trusted Zone: trymedia.com
                                TCP: DhcpNameServer = 192.168.1.254
                                Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
                                DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                                FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\uqjfirve.default\
                                FF - prefs.js: browser.search.defaulturl -
                                FF - prefs.js: browser.search.selectedEngine - Yahoo
                                FF - prefs.js: browser.startup.homepage - hxxp://aol.com
                                FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
                                FF - user.js: network.cookie.cookieBehavior - 0
                                FF - user.js: privacy.clearOnShutdown.cookies - false
                                FF - user.js: security.warn_viewing_mixed - false
                                FF - user.js: security.warn_viewing_mixed.show_once - false
                                FF - user.js: security.warn_submit_insecure - false
                                FF - user.js: security.warn_submit_insecure.show_once - false
                                .
                                - - - - ORPHANS REMOVED - - - -
                                .
                                WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
                                HKCU-Run-{A830B3A0-7E01-AD7C-8227-6CA295624FB0} - c:\documents and settings\Compaq_Administrator\Application Data\Caotd\higy.exe
                                HKLM-Run-NvCplDaemon - c:\windows\system32\NvCpl.dll
                                MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
                                MSConfigStartUp-AntiVirus AntiSpyware 2011 - c:\documents and settings\Compaq_Administrator\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
                                MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
                                MSConfigStartUp-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe
                                MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
                                MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe
                                MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe
                                MSConfigStartUp-E-Set 2011 - c:\program files\E-Set 2011\e-set.exe
                                MSConfigStartUp-frlhavwk - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qdmnov\pklssftav.exe
                                MSConfigStartUp-fxvjhtup - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\tpnwfbyar\kxyxqcgtssd.exe
                                MSConfigStartUp-Gamevance - c:\program files\Gamevance Games\gamevance32.exe
                                MSConfigStartUp-ICS5R7Y0OS - c:\windows\Fqugac.exe
                                MSConfigStartUp-jahovosuz - c:\windows\system32\gebojele.dll
                                MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
                                MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
                                MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
                                MSConfigStartUp-NVIDIA driver monitor - c:\windows\nvsvc32.exe
                                MSConfigStartUp-Play Pickle - c:\program files\Play Pickle\playpickle32.exe
                                MSConfigStartUp-qowhgiom - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\ftssqe\oqicsftav.exe
                                MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
                                MSConfigStartUp-R8388QA8U8 - c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Fpt.exe
                                MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
                                MSConfigStartUp-sorttp700 - c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe
                                MSConfigStartUp-sysfbtray - c:\windows\freddy67.exe
                                MSConfigStartUp-system tool - c:\windows\sysguard.exe
                                MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
                                MSConfigStartUp-vgkjwjqs - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfljrr\habvsftav.exe
                                MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
                                .
                                .
                                .
                                **************************************************************************
                                .
                                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                Rootkit scan 2011-12-16 01:26
                                Windows 5.1.2600 Service Pack 2 NTFS
                                .
                                scanning hidden processes ... 
                                .
                                scanning hidden autostart entries ...
                                .
                                scanning hidden files ... 
                                .
                                scan completed successfully
                                hidden files: 0
                                .
                                **************************************************************************
                                .
                                [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
                                "ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
                                .
                                --------------------- DLLs Loaded Under Running Processes ---------------------
                                .
                                - - - - - - - > 'winlogon.exe'(732)
                                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                                c:\windows\system32\WININET.dll
                                .
                                - - - - - - - > 'explorer.exe'(2716)
                                c:\windows\system32\WININET.dll
                                c:\windows\system32\ieframe.dll
                                .
                                ------------------------ Other Running Processes ------------------------
                                .
                                c:\windows\RTHDCPL.EXE
                                c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                c:\windows\arservice.exe
                                c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                                c:\program files\Bonjour\mDNSResponder.exe
                                c:\program files\Java\jre6\bin\jqs.exe
                                c:\program files\Common Files\LightScribe\LSSrvc.exe
                                c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                                c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
                                c:\windows\system32\nvsvc32.exe
                                c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                                c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                                c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                                c:\windows\ehome\mcrdsvc.exe
                                c:\windows\system32\wscntfy.exe
                                c:\windows\eHome\ehRecvr.exe
                                c:\windows\eHome\ehSched.exe
                                c:\windows\system32\dllhost.exe
                                .
                                **************************************************************************
                                .
                                Completion time: 2011-12-16  01:29:28 - machine was rebooted
                                ComboFix-quarantined-files.txt  2011-12-16 07:29
                                ComboFix2.txt  2011-12-15 21:38
                                ComboFix3.txt  2011-12-14 21:20
                                ComboFix4.txt  2008-11-16 16:58
                                .
                                Pre-Run: 90,809,044,992 bytes free
                                Post-Run: 91,207,462,912 bytes free
                                .
                                - - End Of File - - FF0025947DC922EA22C39860B66DAA92

                                strangerinchi

                                  « Reply #20 on: December 16, 2011, 11:36:00 AM »
                                  UPDATE: On regular mode, everything started freezing (including the browsers) and I cold booted. I left my pc on safe mode. =[

                                  SuperDave

                                  « Reply #21 on: December 16, 2011, 06:06:55 PM »
                                  Save these instructions so you can have access to them while in Safe Mode.

                                  Please click here to download AVP Tool by Kaspersky.
                                  • Save it to your desktop.
                                  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
                                  • Double-click the setup file to run it.
                                  • Click Next to continue.
                                  • Accept the License agreement and click on Next.
                                  • It will, by default, install it to your desktop folder. Click Next.
                                  • It will then open a box. There will be a tab that says Automatic scan.
                                  • Under Automatic scan, make sure these are checked:
                                      • Hidden Startup Objects
                                      • System Memory
                                      • Disk Boot Sectors
                                      • My Computer
                                      • Also any other drives (removable ones that you may have)
                                  Leave the rest of the settings as they appear as default.
                                  • Then click on Scan at the top right-hand corner.
                                  • It will automatically Neutralize any objects found.
                                  • If some objects are left un-neutralized, then click the button that says Neutralize all.
                                  • If it says it cannot be neutralized, then choose the delete option when prompted.
                                  • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
                                  • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

                                  Note: This tool will self uninstall when you close it so please save the log before closing it.
                                  Windows 8 and Windows 10 dual boot with two SSD's

                                  strangerinchi

                                    « Reply #22 on: December 17, 2011, 09:43:50 AM »
                                    UPDATE: Ran program, but wasn't able to save log before it restarted.
                                    But I happened to be taking some notes, and one of the files deleted, a Win32 virus, was svcs.exe.

                                    Do you want me to run the program again with a new report from it?

                                    strangerinchi

                                      « Reply #23 on: December 17, 2011, 09:54:20 AM »
                                      Also noticed, upon startup, I got the "Sorry for the inconvenience but Windows did not start" screen and I proceeded to restart Windows from there, then Windows XP started up normally and when it came to the startup page, there was an error related to the scan or deletion of the Kaspersky program. I went back to safe mode once more and left to go to regular mode and started up XP with no more problems. My apologies for overlooking the part about saving the log.

                                      SuperDave

                                      « Reply #24 on: December 17, 2011, 11:06:18 AM »
                                      I noticed that you asked for help in this forum. Please inform me if you start doing any scans from that site.

                                      I'd like to scan your machine with ESET OnlineScan

                                      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                                      ESET OnlineScan
                                      • Click the button.
                                      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                          • Click on to download the ESET Smart Installer. Save it to your desktop.
                                          • Double click on the icon on your desktop.
                                      • Check
                                      • Click the button.
                                      • Accept any security warnings from your browser.
                                      • Check
                                      • Push the Start button.
                                      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                                      • When the scan completes, push
                                      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                                      • Push the button.
                                      • Push
                                      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                                      strangerinchi

                                        « Reply #25 on: December 17, 2011, 12:46:54 PM »
                                        Hi! Yeah I actually went to that site prior to coming to this one. ^^ Will run ESET scanner soon.

                                        strangerinchi

                                          « Reply #26 on: December 17, 2011, 07:54:16 PM »
                                          Do you want me to check the box next to "Remove found threats" on the ESET scan?
                                          Yes, please.
                                          « Last Edit: December 18, 2011, 12:18:34 PM by SuperDave »

                                          strangerinchi

                                            « Reply #27 on: December 20, 2011, 05:04:54 AM »
                                            Okay, will scan soon.

                                            strangerinchi

                                              « Reply #28 on: December 21, 2011, 05:21:10 PM »
                                              Okay, here are the results of the ESET scan, sorry for the delay.

                                              =========================================================
                                              C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\28d68ca-112ba6d2   a variant of Win32/Kryptik.XUP trojan   cleaned by deleting - quarantined
                                              C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\52\dcccaf4-7ce0ab4a   Java/Exploit.CVE-2011-3544.I trojan   deleted - quarantined
                                              C:\Documents and Settings\Compaq_Administrator\Local Settings\temp\0.20380625498182015.exe   a variant of Win32/Kryptik.XUP trojan   cleaned by deleting - quarantined
                                              C:\Documents and Settings\Compaq_Administrator\Local Settings\temp\wpbt0.dll   a variant of Win32/Kryptik.XUP trojan   cleaned by deleting - quarantined
                                              C:\Program Files\PCSafeDoctor\pcsafedoctor.exe   Win32/Adware.SpywareCease application   cleaned by deleting - quarantined
                                              C:\Program Files\PCSafeDoctor\RkHitApi.dll   a variant of Win32/Adware.SpywareCease.AA application   cleaned by deleting - quarantined
                                              C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Administrator\Application Data\Caotd\higy.exe.vir   a variant of Win32/Kryptik.XLE trojan   deleted - quarantined
                                              C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.bak1.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
                                              C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.bak2.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
                                              C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
                                              C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\mrxsmb.sys.vir   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\RKHit.sys.vir   Win32/Adware.SpywareCease application   cleaned by deleting - quarantined
                                              C:\RECYCLER\S-1-5-21-3122169640-262842125-2451393388-1007\Dc2.exe   Win32/TrojanClicker.Agent.NEB trojan   cleaned by deleting - quarantined
                                              C:\RECYCLER\S-1-5-21-3122169640-262842125-2451393388-1007\Dc1\setup.exe   Win32/TrojanDownloader.Unruy.BN trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000040.sys   Win32/Adware.SpywareCease application   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000123.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000130.exe   a variant of Win32/Kryptik.XIR trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000132.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002140.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002149.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002163.exe   a variant of Win32/Kryptik.XIR trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002165.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002179.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002223.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002234.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002326.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002437.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002470.exe   a variant of Win32/Kryptik.XLE trojan   deleted - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0004710.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0004718.exe   a variant of Win32/Kryptik.XKR trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0004804.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0005804.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0005813.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005835.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005845.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005856.exe   probably a variant of Win32/Spy.Agent.CXWZSIU trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0005858.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0006858.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0006860.exe   probably a variant of Win32/Spy.KeyLogger.LFJNMOG trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0006871.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0006882.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0008916.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0008939.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0008955.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0009955.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0010955.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0011052.exe   probably a variant of Win32/Spy.Agent.CXWZSIU trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0011955.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0012065.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0013065.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0013089.exe   Win32/Adware.SpywareCease application   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0013090.dll   a variant of Win32/Adware.SpywareCease.AA application   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0013091.exe   Win32/TrojanClicker.Agent.NEB trojan   cleaned by deleting - quarantined
                                              C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0013092.exe   Win32/TrojanDownloader.Unruy.BN trojan   cleaned by deleting - quarantined
                                              C:\WINDOWS\5230238   probably a variant of Win32/Routmo.AL trojan   cleaned by deleting - quarantined
                                              C:\WINDOWS\system32\6to4ex.dll   a variant of Win32/Routmo.N trojan   cleaned by deleting - quarantined
                                              C:\WINDOWS\system32\drivers\mrxsmb.sys   Win32/Sirefef.DA trojan   cleaned by deleting - quarantined
                                              D:\I386\APPS\APP15973\src\CompaqPresario_Spring06.exe   a variant of Win32/Toolbar.MyWebSearch application   deleted - quarantined
                                              D:\I386\APPS\APP15973\src\HPPavillion_Spring06.exe   a variant of Win32/Toolbar.MyWebSearch application   deleted - quarantined
                                              D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0013095.exe   a variant of Win32/Toolbar.MyWebSearch application   deleted - quarantined
                                              D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP5\A0013096.exe   a variant of Win32/Toolbar.MyWebSearch application   deleted - quarantined
                                              Operating memory   multiple threats   

                                              SuperDave

                                              Re: Win32 MB Rootkit from XP Antispyware Virus
                                              « Reply #29 on: December 21, 2011, 05:26:53 PM »
                                              How's your computer running now?

                                              Update Your Java (JRE)

                                              Old versions of Java have vulnerabilities that malware can use to infect your system.


                                              First Verify your Java Version

                                              If there are any other version(s) installed then update now.

                                              Get the new version (if needed)

                                              If your version is out of date install the newest version of the Sun Java Runtime Environment.

                                              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                                              Be sure to close ALL open web browsers before starting the installation.

                                              Remove any old versions

                                              1. Download JavaRa and unzip the file to your Desktop.
                                              2. Open JavaRA.exe and choose Remove Older Versions
                                              3. Once complete exit JavaRA.

                                              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

                                              strangerinchi

                                                Re: Win32 MB Rootkit from XP Antispyware Virus
                                                « Reply #30 on: December 22, 2011, 07:48:20 PM »
                                                Hi! Browsers still crashing, freezing and redirecting, unfortunately. =[[

                                                strangerinchi

                                                  Re: Win32 MB Rootkit from XP Antispyware Virus
                                                  « Reply #31 on: December 22, 2011, 08:12:05 PM »
                                                  UPDATE: Okay I did download the new Java version (as mine was 6 Update 13) and followed the other directions. ^^

                                                  SuperDave

                                                  Re: Win32 MB Rootkit from XP Antispyware Virus
                                                  « Reply #32 on: December 23, 2011, 12:41:27 PM »
                                                  Let's run a few more scans to see what turns up.

                                                  Please download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

                                                  strangerinchi

                                                    Re: Win32 MB Rootkit from XP Antispyware Virus
                                                    « Reply #33 on: December 26, 2011, 06:58:03 PM »
                                                    Hi, Dave! Hope you and yours had a very merry xmas! =]]] Here is the log from the scan:

                                                    ========================================================================


                                                    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
                                                    Run date: 2011-12-26 19:54:08
                                                    -----------------------------
                                                    19:54:08.753    OS Version: Windows 5.1.2600 Service Pack 2
                                                    19:54:08.753    Number of processors: 1 586 0x4F02
                                                    19:54:08.753    ComputerName: BOPEEP  UserName:
                                                    19:54:09.470    Initialize success
                                                    19:55:14.292    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
                                                    19:55:14.292    Disk 0 Vendor: ST3160812AS 3.AHH Size: 152627MB BusType: 3
                                                    19:55:16.334    Disk 0 MBR read successfully
                                                    19:55:16.334    Disk 0 MBR scan
                                                    19:55:16.334    Disk 0 unknown MBR code
                                                    19:55:16.334    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       143846 MB offset 63
                                                    19:55:16.349    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     8770 MB offset 294613200
                                                    19:55:16.349    Disk 0 scanning sectors +312575760
                                                    19:55:16.381    Disk 0 malicious Win32:MBRoot code @ sector 312575763 !
                                                    19:55:16.381    Disk 0 PE file @ sector 312575785 !
                                                    19:55:16.396    Disk 0 scanning C:\WINDOWS\system32\drivers
                                                    19:55:21.882    Service scanning
                                                    19:55:22.288    Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
                                                    19:55:23.223    Modules scanning
                                                    19:55:59.507    Disk 0 trace - called modules:
                                                    19:55:59.523    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8a996259]<<
                                                    19:55:59.523    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8f7030]
                                                    19:55:59.523    3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\0000006c[0x8aa152c8]
                                                    19:55:59.523    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8aa97940]
                                                    19:55:59.523    Scan finished successfully
                                                    19:56:19.613    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
                                                    19:56:19.613    The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"
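A triage pass over the aswMBR log above, as an added example that is not part of the original posts or of aswMBR itself: it pulls out the lines a reviewer reads first (unknown MBR code, code found on raw sectors, a locked driver file, an unresolved module in the disk driver stack) and reports how far each flagged sector lies from the start of the sector scan. The function and field names are hypothetical, the patterns are fitted only to the line formats visible in this log, and the result is a list of lines to review, not a decision about what to fix.

```python
import re

# Lines copied from the aswMBR log in the post above (timestamps kept).
ASWMBR_LOG = r"""
19:55:16.334    Disk 0 MBR scan
19:55:16.334    Disk 0 unknown MBR code
19:55:16.334    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       143846 MB offset 63
19:55:16.349    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     8770 MB offset 294613200
19:55:16.349    Disk 0 scanning sectors +312575760
19:55:16.381    Disk 0 malicious Win32:MBRoot code @ sector 312575763 !
19:55:16.381    Disk 0 PE file @ sector 312575785 !
19:55:22.288    Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
19:55:59.523    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8a996259]<<
19:55:59.523    Scan finished successfully
"""

# Patterns fitted to the line shapes seen in this one log (an assumption:
# other aswMBR versions may word these lines differently).
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
PARTITION = re.compile(r"Disk (\d+) Partition (\d+)\s.*?\s(\d+) MB offset (\d+)")
SCAN_START = re.compile(r"Disk (\d+) scanning sectors \+(\d+)")
SECTOR_HIT = re.compile(r"Disk (\d+) (malicious (\S+) code|PE file) @ sector (\d+)")
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
LOCKED = re.compile(r"Service (\S+) (.+?) \*\*LOCKED\*\*")


def triage(log_text):
    """Return the partitions, the sector-scan start and the lines to review."""
    partitions, findings, scan_start = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, separators, blank lines
        ts, msg = m.groups()
        if (p := PARTITION.search(msg)):
            partitions.append({"disk": int(p[1]), "index": int(p[2]),
                               "size_mb": int(p[3]), "start_sector": int(p[4])})
        elif (s := SCAN_START.search(msg)):
            # Assumption: this value is where the raw sector scan began.
            scan_start = int(s[2])
        elif "unknown MBR code" in msg:
            findings.append({"time": ts, "kind": "unknown_mbr_code"})
        elif (h := SECTOR_HIT.search(msg)):
            sector = int(h[4])
            findings.append({
                "time": ts,
                "kind": "malicious_code" if h[3] else "pe_file_on_raw_sector",
                "label": h[3],  # detection name as printed; None for "PE file"
                "sector": sector,
                "sectors_past_scan_start":
                    None if scan_start is None else sector - scan_start,
            })
        elif (u := UNKNOWN_MODULE.search(msg)):
            # A module in the disk call chain that the tool could not name.
            findings.append({"time": ts, "kind": "unknown_module_in_disk_stack",
                             "address": u[1]})
        elif (k := LOCKED.search(msg)):
            findings.append({"time": ts, "kind": "locked_service_file",
                             "service": k[1], "path": k[2]})
    return {"partitions": partitions, "scan_start": scan_start,
            "findings": findings}


if __name__ == "__main__":
    report = triage(ASWMBR_LOG)
    for part in report["partitions"]:
        print("partition", part)
    print("sector scan starts at", report["scan_start"])
    for item in report["findings"]:
        print("REVIEW", item)
```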


                                                    SuperDave

                                                    Re: Win32 MB Rootkit from XP Antispyware Virus
                                                    « Reply #34 on: December 27, 2011, 11:42:15 AM »
                                                    Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

                                                    Link 1
                                                    Link 2
                                                    Link 3

• Double-click on MBRCheck.exe to run it.

• It will open a black window...please do not fix anything (if it gives you an option).

• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.

                                                    strangerinchi

                                                      Re: Win32 MB Rootkit from XP Antispyware Virus
                                                      « Reply #35 on: December 27, 2011, 01:32:02 PM »
                                                      Hi! Here is the MBRCheck scan log. =]]

                                                      ======================================================================
                                                      MBRCheck, version 1.2.3
                                                      (c) 2010, AD

                                                      Command-line:         
                                                      Windows Version:      Windows XP Professional
                                                      Windows Information:      Service Pack 2 (build 2600)
                                                      Logical Drives Mask:      0x0000001c

                                                      Kernel Drivers (total 126):

                                                      Processes (total 48):
                                                             0 System Idle Process
                                                             4 System
                                                           656 C:\WINDOWS\system32\smss.exe
                                                           704 csrss.exe
                                                           728 C:\WINDOWS\system32\winlogon.exe
                                                           772 C:\WINDOWS\system32\services.exe
                                                           784 C:\WINDOWS\system32\lsass.exe
                                                           940 C:\WINDOWS\system32\svchost.exe
                                                           984 svchost.exe
                                                          1076 C:\WINDOWS\system32\svchost.exe
                                                          1124 svchost.exe
                                                          1168 svchost.exe
                                                          1724 C:\WINDOWS\explorer.exe
                                                          1756 svchost.exe
                                                          1876 C:\WINDOWS\RTHDCPL.EXE
                                                          1916 C:\Program Files\Common Files\Java\Java Update\jusched.exe
                                                          1948 C:\Program Files\Orbitdownloader\orbitdm.exe
                                                          1984 C:\Program Files\Orbitdownloader\orbitnet.exe
                                                           344 C:\Program Files\SUPERAntiSpyware\SASCore.exe
                                                           356 C:\WINDOWS\system32\svchost.exe
                                                           368 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                                           484 C:\WINDOWS\arservice.exe
                                                           516 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
                                                           556 C:\Program Files\Bonjour\mDNSResponder.exe
                                                           592 C:\WINDOWS\ehome\ehrecvr.exe
                                                           904 C:\WINDOWS\ehome\ehSched.exe
                                                          1072 C:\Program Files\Java\jre6\bin\jqs.exe
                                                          1192 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                                          1240 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                                                          1276 C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
                                                          1596 C:\WINDOWS\system32\nvsvc32.exe
                                                          1688 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                                                          1232 svchost.exe
                                                          1900 C:\WINDOWS\system32\svchost.exe
                                                          2008 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                                                          2076 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                                                          2228 mcrdsvc.exe
                                                          2584 C:\WINDOWS\system32\dllhost.exe
                                                          2932 C:\WINDOWS\system32\wscntfy.exe
                                                          3580 alg.exe
                                                           552 C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
                                                          2408 C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
                                                          3176 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                                                          1488 C:\Program Files\Windows Live\Contacts\wlcomm.exe
                                                          5284 C:\Program Files\iPod\bin\iPodService.exe
                                                          3504 C:\Program Files\AIM\aim.exe
                                                          1368 C:\WINDOWS\system32\wuauclt.exe
                                                          3108 C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe

                                                      \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
                                                      \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`1ee1a000  (FAT32)

                                                      PhysicalDrive0 Model Number: ST3160812AS, Rev: 3.AHH   

                                                            Size  Device Name          MBR Status
                                                        --------------------------------------------
                                                          149 GB  \\.\PhysicalDrive0   Unknown MBR code
                                                                  SHA1: 4A3BF69CA3259413E25A52D6E01242850E3B0E3A


                                                      Found non-standard or infected MBR.
                                                      Enter 'Y' and hit ENTER for more options, or 'N' to exit:

                                                      Done!

                                                      SuperDave

                                                      Re: Win32 MB Rootkit from XP Antispyware Virus
                                                      « Reply #36 on: December 27, 2011, 06:24:44 PM »
                                                      Please run AVP again as per instructions in Reply #21.