Author Topic: Super Anti-Spyware Log  (Read 8889 times)

cis45x

    Topic Starter


    Rookie

    Super Anti-Spyware Log
    « on: June 26, 2010, 10:31:50 AM »
    This is the log I got after running the Super Anti-Spyware.  What information/advice could you give me from this data?
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/24/2010 at 08:26 PM

    Application Version : 4.39.1002

    Core Rules Database Version : 5057
    Trace Rules Database Version: 2869

    Scan type       : Quick Scan
    Total Scan Time : 00:45:10

    Memory items scanned      : 548
    Memory threats detected   : 0
    Registry items scanned    : 1436
    Registry threats detected : 6
    File items scanned        : 36820
    File threats detected     : 1038

    Rogue.AntivirusSoft
       HKU\S-1-5-21-3615259314-1621620533-1473750240-1005\Software\avsoft

    Malware.Trace
       HKU\S-1-5-21-3615259314-1621620533-1473750240-1005\SOFTWARE\AVSUITE
       HKLM\SOFTWARE\AVSUITE
       HKLM\SOFTWARE\AVSOFT

    Disabled.SecurityCenterOption
       HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
       HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY

    Adware.Tracking Cookie
       .timeinc.122.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       find.myrecipes.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .find.myrecipes.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       find.myrecipes.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .highbeam.122.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .media6degrees.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .valueclick.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       dc.tremormedia.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       data.coremetrics.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .media6degrees.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .newyorkandcompany.112.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .zedo.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .iacas.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trvlnet.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trvlnet.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trvlnet.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trvlnet.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trvlnet.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .perf.overture.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       eas.apm.emediate.eu [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .ehg-starbucks.hitbox.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .adlegend.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .eyewonder.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .eyewonder.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .adbrite.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       stat.onestat.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .adecn.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       counter.hitslink.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .precisionintermedia.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .precisionintermedia.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .viacom.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .viacom.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       adserving.cpxinteractive.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       adserving.cpxinteractive.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .22squared.112.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .cgm.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .cgm.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .advertiseyourgame.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .advertiseyourgame.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .cgm.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .realmedia.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .cgm.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       metroleap.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       metroleap.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .videoegg.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       rotator.adjuggler.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       rotator.adjuggler.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trafficmp.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trafficmp.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trafficmp.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .carfax.112.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .ru4.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .ru4.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .ru4.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       server.iad.liveperson.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .ehg-myspaceinc.hitbox.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trafficmp.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trafficmp.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .trafficmp.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .dmtracker.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .doubleclick.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       eas.apm.emediate.eu [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .acronymfinder.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .roiservice.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       www.ticketsnow.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .ticketsnow.112.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .ticketsnow.db.advertising.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       www.ticketsnow.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .surveymonkey.122.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .livenation.122.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .adbrite.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .adbrite.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .atdmt.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .cb.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .cb.adbureau.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .qnsr.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .qnsr.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       sales.liveperson.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       sales.liveperson.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .questionmarket.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       www.googleadservices.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       www.googleadservices.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       webstats.aetna.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       webstats.aetna.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .g2.112.2o7.net [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .interclick.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .media6degrees.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       .tribalfusion.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\prkymud8.default\cookies.sqlite ]
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@247realmedia[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][3].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][4].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][3].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][3].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@adbrite[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@adbrite[3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@adbureau[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@adecn[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@adinterax[2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][3].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@adserv01[2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@adultadworld[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@adultsitesurfer[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@advertising[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@advertising[3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@allinterracialporn[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@apartmentfinder[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@apmebf[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@apmebf[3].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@atdmt[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@atdmt[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@blogforadults[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@*censored*.pornlivenews[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@burstbeacon[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@burstnet[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@burstnet[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@casalemedia[2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@chitika[2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@clickaider[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@collective-media[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@collective-media[3].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][3].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][5].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@countryclubapts[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@crackle[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@digitalmediacommunications[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@discountbooksale[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@doubleclick[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@doubleclick[3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@doubleclick[4].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@euroclick[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@eyewonder[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@fastclick[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@fastclick[3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@findlaw[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@googleadservices[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@hardsextube[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@humornsex[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@ilikesexyfeet[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@imrworldwide[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@imrworldwide[3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@incentaclick[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@insightexpressai[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@insightexpressai[3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@interclick[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@interclick[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@invitemedia[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@invitemedia[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@lfstmedia[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@livesex[2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@media6degrees[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@media6degrees[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@mediaplex[2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@overture[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@overture[3].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@*censored*-enlargement-planet[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@peoplefinders[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@pointroll[2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@pornbilly[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@porncitadel[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@pornvideosday[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@qnsr[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@questionmarket[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@questionmarket[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@realmedia[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@realmedia[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@revenue[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@revsci[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@revsci[2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][2].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@serving-sys[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@seventeen[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@sexyuu[1].txt
       C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@socialmedia[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@specificclick[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@specificclick[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@specificmedia[1].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@specificmedia[2].txt
       C:\Documents and Settings\Bobby\Cookies\bobby@specificmedia[3].txt

    cis45x


      Re: Super Anti-Spyware Log & Malwarebytes Post
      « Reply #1 on: June 26, 2010, 05:37:05 PM »
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4244

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      6/26/2010 12:21:21 PM
      mbam-log-2010-06-26 (12-21-21).txt

      Scan type: Quick scan
      Objects scanned: 171196
      Time elapsed: 13 minute(s), 55 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Documents and Settings\Bobby\Local Settings\Temp\e.exe (Trojan.Mufanom) -> Quarantined and deleted successfully.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      Re: Super Anti-Spyware Log
      « Reply #2 on: June 26, 2010, 05:42:06 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Your computer is possibly infected. Would you like to run some more scans and post the logs here?

      Please download: HiJackThis to your Desktop.
      • Double Click the HijackThis icon, located on your Desktop.
      • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
      • Accept the license agreement.
      • Click the Open the Misc Tools section button.
      • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
      • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
      • Please post the log in your next reply.
      ==================================

      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

      ================================

      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      Alternate link: Forospyware.com

      Rename ComboFix.exe to commy.exe before you save it to your Desktop
      • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
      • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      • Click on Yes, to continue scanning for malware.
      • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      cis45x


        HijackThis Log
        « Reply #3 on: June 27, 2010, 02:02:06 PM »
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 3:01:32 PM, on 6/27/2010
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\lpcl.exe
        C:\Program Files\Common Files\Motive\McciCMService.exe
        C:\Program Files\PC Tools Firewall Plus\FWService.exe
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\ehome\ehtray.exe
        C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
        C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
        C:\WINDOWS\system32\hphmon03.exe
        C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
        C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
        C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
        C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
        C:\Program Files\Motive\AsstCommon\motmon.exe
        C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
        C:\Program Files\QuickTime\QTTask.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Microsoft Security Essentials\msseces.exe
        C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Digital Lifeline\bin\mpbtn.exe
        C:\Program Files\palmOne\Hotsync.exe
        C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\WINDOWS\eHome\ehmsas.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\HPQ\SHARED\HPQWMI.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
        O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (filesize 1865544 bytes, MD5 9F7C6AADF6B57946D4C37C9C910EC3F4)
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 385BD69743EA92E76CDF07B3345A25D5)
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 79648 bytes, MD5 4E2BB6D2677B42AD04BE18A6E9817B68)
        O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (filesize 1865544 bytes, MD5 9F7C6AADF6B57946D4C37C9C910EC3F4)
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
        O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (filesize 405504 bytes, MD5 24C588CD72DDD39F7808922F711A3DF8)
        O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exeC:\Program Files\HPQ\Default Settings\cpqset.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
        O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exeC:\WINDOWS\system32\hphmon03.exe
        O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exeC:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
        O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (filesize 3739648 bytes, MD5 BCD9CBF0621F9A6767276A2E0BF1DD15)
        O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (filesize 63712 bytes, MD5 FC9E59FE8BC4FE05382CFF5C8FC59DE1)
        O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (filesize 213936 bytes, MD5 2BAD84B393AF47006D80BA2F03B18029)
        O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exeC:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe" (filesize 155648 bytes, MD5 5DBCACF3FC3E81524128D4BFBC9725D5)
        O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exec:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" (filesize 45056 bytes, MD5 45C07E3EE85A318D2DC8C391E952182A)
        O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (filesize 344064 bytes, MD5 1FF662360032871AF5F5DB9812321097)
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 39792 bytes, MD5 8B9145D229D4E89D15ACB820D4A3A90F)
        O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN (filesize 2061816 bytes, MD5 C6FC3B54AD1FEE0FE4069AB51BF4C724)
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (filesize 417792 bytes, MD5 55D7A219AD8D0DB8980528944152A6FD)
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (filesize 141600 bytes, MD5 68A553BDFA855C4F1074696682FCDEB6)
        O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey (filesize 1093208 bytes, MD5 5DB28B77A1A75DDDFEED99FB9722C540)
        O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s (filesize 3168216 bytes, MD5 B4C1C657FCCCAF24EBF028CE68E6D086)
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" (filesize 248040 bytes, MD5 52DB6CDAC5BC7A1FC884E97C41C91213)
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
        O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
        O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
        O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe (filesize 172032 bytes, MD5 6564B07717189A921C428E7B62A90CDB)
        O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (filesize 471040 bytes, MD5 F8FB2CA91F25D3EAA2CAE2F0B55FEC54)
        O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (filesize 118784 bytes, MD5 8C920DFE944B0DCE788DB3CB0320B336)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
        O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184988058187
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLC:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exeC:\Program Files\HPQ\SHARED\HPQWMI.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: lpcl - Warranty Corporation of America - C:\WINDOWS\lpcl.exeC:\WINDOWS\lpcl.exe
        O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Motive\McciCMService.exe
        O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exeC:\Program Files\PC Tools Firewall Plus\FWService.exe
        O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exeC:\WINDOWS\system32\HPHipm09.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
        O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exeC:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

        --
        End of file - 13819 bytes

        cis45x


          ComboFix Log
          « Reply #4 on: June 27, 2010, 02:54:00 PM »
          ComboFix 10-06-27.03 - Sandra 06/27/2010  15:25:34.1.1 - x86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.452 [GMT -5:00]
          Running from: c:\documents and settings\Sandra\My Documents\Downloads\commy.exe
          AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
          FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}
          c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}\chrome.manifest
          c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}\chrome\content\_cfg.js
          c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}\chrome\content\overlay.xul
          c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}\install.rdf
          c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}
          c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}\chrome.manifest
          c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}\chrome\content\_cfg.js
          c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}\chrome\content\overlay.xul
          c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}\install.rdf

          .
          (((((((((((((((((((((((((   Files Created from 2010-05-27 to 2010-06-27  )))))))))))))))))))))))))))))))
          .

          2010-06-27 19:58 . 2010-06-27 19:58   --------   d-----w-   c:\program files\Trend Micro
          2010-06-27 03:19 . 2010-06-27 03:19   503808   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcp71.dll
          2010-06-27 03:19 . 2010-06-27 03:19   499712   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\jmc.dll
          2010-06-27 03:19 . 2010-06-27 03:19   348160   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcr71.dll
          2010-06-27 03:19 . 2010-06-27 03:19   61440   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-sse.dll
          2010-06-27 03:19 . 2010-06-27 03:19   12800   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-d3d.dll
          2010-06-27 03:19 . 2010-06-27 03:18   411368   ----a-w-   c:\windows\system32\deployJava1.dll
          2010-06-26 16:48 . 2010-06-26 16:48   --------   d-----w-   c:\documents and settings\Sandra\Application Data\Malwarebytes
          2010-06-26 16:47 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2010-06-26 16:47 . 2010-06-26 16:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2010-06-26 16:43 . 2010-06-26 16:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2010-06-26 16:43 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2010-06-25 02:46 . 2010-05-21 19:14   221568   ------w-   c:\windows\system32\MpSigStub.exe
          2010-06-25 00:34 . 2010-06-25 00:34   63488   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
          2010-06-25 00:34 . 2010-06-25 00:34   52224   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
          2010-06-25 00:34 . 2010-06-25 00:34   117760   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2010-06-25 00:34 . 2010-06-25 00:34   --------   d-----w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com
          2010-06-25 00:34 . 2010-06-25 00:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2010-06-25 00:33 . 2010-06-25 00:33   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2010-06-25 00:06 . 2010-06-25 00:07   --------   d-----w-   c:\program files\CCleaner
          2010-06-24 23:55 . 2010-06-24 23:56   --------   d-----w-   c:\documents and settings\Sandra\Application Data\PCToolsFirewallPlus
          2010-06-24 01:59 . 2010-06-24 01:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\RegSERVO
          2010-06-24 01:47 . 2009-11-23 18:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
          2010-06-24 01:47 . 2009-11-09 16:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
          2010-06-24 01:47 . 2010-01-07 17:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
          2010-06-24 01:47 . 2010-06-24 01:47   --------   d-----w-   c:\program files\Common Files\PC Tools
          2010-06-24 01:47 . 2010-01-12 14:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
          2010-06-24 01:47 . 2010-01-07 16:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
          2010-06-24 01:47 . 2010-01-07 16:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
          2010-06-24 01:47 . 2010-01-13 13:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
          2010-06-24 01:47 . 2010-06-24 23:57   --------   d-----w-   c:\program files\PC Tools Firewall Plus
          2010-06-24 01:26 . 2010-06-24 01:26   --------   d-sh--w-   c:\documents and settings\Administrator\IECompatCache
          2010-06-24 01:25 . 2010-06-24 01:25   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
          2010-06-24 01:24 . 2010-06-24 01:24   73424   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2010-06-22 04:55 . 2010-06-22 04:55   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
          2010-06-22 04:51 . 2010-06-22 04:52   --------   d-----w-   c:\program files\Microsoft Security Essentials
          2010-06-22 04:47 . 2010-06-22 04:47   --------   d-----w-   C:\76681267014789b6f130998a7b092a
          2010-06-22 04:46 . 2010-06-22 04:46   --------   d-----w-   C:\6c46460cc4353a7a5f30ff2463
          2010-06-22 04:45 . 2010-06-22 04:45   --------   d-----w-   C:\1e2df3c2d7506665fafd0372e8c7d1
          2010-06-22 04:35 . 2010-06-22 04:35   --------   d-----w-   C:\cf0812036585e0f292cd8391f11a33ca
          2010-06-22 04:15 . 2010-06-22 04:15   --------   d-----w-   C:\0497a1ce892cce9c6dfc0a02e6
          2010-06-22 03:38 . 2010-06-22 03:38   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
          2010-06-20 04:35 . 2010-06-22 02:39   0   ----a-w-   c:\windows\Thizozido.bin
          2010-06-20 04:33 . 2010-06-24 05:36   --------   d-----w-   c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe
          2010-06-18 01:47 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-06-27 19:53 . 2008-12-14 21:12   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
          2010-06-27 03:19 . 2005-11-29 05:23   --------   d-----w-   c:\program files\Common Files\Java
          2010-06-27 02:40 . 2005-11-29 05:23   --------   d-----w-   c:\program files\Java
          2010-06-25 00:26 . 2009-08-28 20:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\ATTToolbar
          2010-06-22 04:49 . 2005-11-29 05:53   --------   d-----w-   c:\program files\Common Files\Symantec Shared
          2010-06-22 04:45 . 2005-11-29 05:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
          2010-06-22 03:57 . 2008-12-14 21:07   --------   d-----w-   c:\program files\Norton Security Scan
          2010-06-22 03:32 . 2005-11-29 05:53   --------   d-----w-   c:\program files\Symantec
          2010-05-23 23:17 . 2010-05-23 23:17   503808   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcp71.dll
          2010-05-23 23:17 . 2010-05-23 23:17   499712   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\jmc.dll
          2010-05-23 23:17 . 2010-05-23 23:17   348160   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcr71.dll
          2010-05-06 10:41 . 2004-08-10 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
          2010-05-02 05:22 . 2004-08-10 12:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
          2010-04-20 05:30 . 2004-08-10 12:00   285696   ----a-w-   c:\windows\system32\atmfd.dll
          2010-03-31 05:16 . 2010-03-31 05:16   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
          2010-03-31 05:10 . 2010-03-31 05:10   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
          2006-07-20 02:28 . 2006-07-20 02:28   251   ----a-w-   c:\program files\wt3d.ini
          2007-06-21 23:38 . 2007-06-21 23:38   30280   ----a-w-   c:\program files\mozilla firefox\plugins\cgpcfg.dll
          2007-06-21 23:38 . 2007-06-21 23:38   79432   ----a-w-   c:\program files\mozilla firefox\plugins\CgpCore.dll
          2007-06-21 23:38 . 2007-06-21 23:38   71240   ----a-w-   c:\program files\mozilla firefox\plugins\confmgr.dll
          2007-06-21 23:38 . 2007-06-21 23:38   140872   ----a-w-   c:\program files\mozilla firefox\plugins\ctxmui.dll
          2007-06-21 23:39 . 2007-06-21 23:39   38472   ----a-w-   c:\program files\mozilla firefox\plugins\icafile.dll
          2007-06-21 23:39 . 2007-06-21 23:39   46664   ----a-w-   c:\program files\mozilla firefox\plugins\icalogon.dll
          2007-06-21 23:39 . 2007-06-21 23:39   34376   ----a-w-   c:\program files\mozilla firefox\plugins\logging.dll
          2007-06-21 23:39 . 2007-06-21 23:39   685640   ----a-w-   c:\program files\mozilla firefox\plugins\sslsdk_b.dll
          2007-06-21 23:40 . 2007-06-21 23:40   30280   ----a-w-   c:\program files\mozilla firefox\plugins\TcpPServ.dll
          2003-12-05 03:16 . 2006-03-20 05:39   69632   --sha-r-   c:\windows\lnchshll.exe
          2003-12-05 17:41 . 2006-03-20 05:39   368640   --sha-r-   c:\windows\lpcl.exe
          2003-12-05 03:16 . 2006-03-20 05:39   49152   --sha-r-   c:\windows\ScrnInt.exe
          2004-08-10 12:00 . 2004-08-10 12:00   94784   --sh--w-   c:\windows\twain.dll
          2008-04-14 00:12 . 2004-08-10 12:00   50688   --sh--w-   c:\windows\twain_32.dll
          2004-08-20 05:26 . 2004-08-20 05:26   1216   --sh--w-   c:\windows\Twunk_16.dll
          2004-08-20 05:26 . 2004-08-20 05:26   1216   --sh--w-   c:\windows\Twunk_32.dll
          2008-04-14 00:11 . 2004-08-10 12:00   1028096   --sha-w-   c:\windows\system32\mfc42.dll
          2008-04-14 00:12 . 2004-08-10 12:00   57344   --sh--w-   c:\windows\system32\msvcirt.dll
          2008-04-14 00:12 . 2004-08-10 12:00   413696   --sha-w-   c:\windows\system32\msvcp60.dll
          2008-04-14 00:12 . 2004-08-10 12:00   343040   --sha-w-   c:\windows\system32\msvcrt.dll
          2008-04-14 00:12 . 2004-08-10 12:00   551936   --sh--w-   c:\windows\system32\oleaut32.dll
          2008-04-14 00:12 . 2004-08-10 12:00   84992   --sh--w-   c:\windows\system32\olepro32.dll
          2008-04-14 00:12 . 2004-08-10 12:00   11776   --sh--w-   c:\windows\system32\regsvr32.exe
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
          "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
          "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504]
          "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
          "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
          "HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
          "Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
          "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
          "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
          "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
          "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
          "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
          "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
          "MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2003-10-10 155648]
          "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
          "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
          "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056]
          "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
          "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
          "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
          "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
          "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-3-20 172032]
          HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
          NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-3-19 118784]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
          @="Service"

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
          "AllowInboundEchoRequest"= 1 (0x1)

          R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/23/2010 8:47 PM 233136]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
          R2 lpcl;lpcl;c:\windows\lpcl.exe [3/20/2006 12:39 AM 368640]
          R2 pciinfo;HP Pci Information;\??\c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
          R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [6/23/2010 8:47 PM 88040]
          R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 6:12 PM 102400]
          R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
          R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [6/23/2010 8:47 PM 70664]
          R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [6/23/2010 8:47 PM 58816]
          R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [6/23/2010 8:47 PM 115216]
          S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 9:54 AM 18864]
          S3 Net6IM;Net6;c:\windows\system32\DRIVERS\CAG_im51.sys --> c:\windows\system32\DRIVERS\CAG_im51.sys [?]
          S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28 PM 31768]
          .
          Contents of the 'Scheduled Tasks' folder

          2010-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

          2010-06-27 c:\windows\Tasks\MP Scheduled Scan.job
          - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.att.net
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
          uInternet Settings,ProxyOverride = <local>
          uInternet Settings,ProxyServer = http=127.0.0.1:5555
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
          FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\v0znyxy7.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
          FF - prefs.js: network.proxy.type - 4
          FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
          FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
          FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

          ---- FIREFOX POLICIES ----
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
          c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
          c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
          c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
          c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
          .
          - - - - ORPHANS REMOVED - - - -

          WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
          HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
          HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2010-06-27 15:31
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
            Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?2?0?5??P???? ???B?????????????hLC? ??????

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(800)
          c:\program files\SUPERAntiSpyware\SASWINLO.DLL
          c:\windows\system32\WININET.dll
          c:\windows\system32\Ati2evxx.dll
          .
          Completion time: 2010-06-27  15:35:12
          ComboFix-quarantined-files.txt  2010-06-27 20:35

          Pre-Run: 38,059,266,048 bytes free
          Post-Run: 38,712,512,512 bytes free

          WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

          - - End Of File - - 931F704807B959E5A5B9C10B2FC04B8A

          SuperDave

          Re: Super Anti-Spyware Log
          « Reply #5 on: June 27, 2010, 05:26:52 PM »
          Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

          Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

          Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

          Exit out of MessengerDisable then delete the two files that were put on the desktop.

          ===============================

          Download Security Check by screen317 from one of the following links and save it to your desktop.

          Link 1
          Link 2

          * Unzip SecurityCheck.zip and a folder named Security Check should appear.
          * Open the Security Check folder and double-click Security Check.bat
          * Follow the on-screen instructions inside of the black box.
          * A Notepad document should open automatically called checkup.txt
          * Post the contents of that document in your next reply.

          Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

          ======================================

          Open HijackThis and select Do a system scan only

          Place a check mark next to the following entries: (if there)

          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)


          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.

          ===============================

          Re-running ComboFix to remove infections:

          • Close any open browsers.
          • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
          • Open notepad and copy/paste the text in the quotebox below into it:
            Quote
            KillAll::

            File::
            c:\windows\Thizozido.bin

            DirLook::
            c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe

            DDS::
            uInternet Settings,ProxyServer = http=127.0.0.1:5555

          • Save this as CFScript.txt, in the same location as ComboFix.exe



          • Referring to the picture above, drag CFScript into ComboFix.exe
          • When finished, it shall produce a log for you at C:\ComboFix.txt
          • Please post the contents of the log in your next reply.

          Windows 8 and Windows 10 dual boot with two SSD's

          cis45x


            checkup_log
            « Reply #6 on: June 27, 2010, 09:15:11 PM »
             Results of screen317's Security Check version 0.99.4 
             Windows XP Service Pack 3 
             Internet Explorer 8 
            ``````````````````````````````
            Antivirus/Firewall Check:

             Windows Firewall Disabled! 
             PC Tools Firewall Plus 6.0 
             Microsoft Security Essentials   
             Antivirus up to date! (On Access scanning disabled!)
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

             Malwarebytes' Anti-Malware   
             HijackThis 2.0.2   
             CCleaner     
             Cleaner 5 EZ   
             Java(TM) 6 Update 20 
             Adobe Flash Player 10.0.32.18 
            Adobe Reader 8.1.1
            Adobe Reader 8.1.2
            Adobe Reader 8.1.2 Security Update 1 (KB403742)
            Out of date Adobe Reader installed!
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent

             Windows Defender MSMpEng.exe
             Microsoft Security Essentials msseces.exe
             PC Tools Firewall Plus FWService.exe   
             PC Tools Firewall Plus FirewallGUI.exe   
            ````````````````````````````````
            DNS Vulnerability Check:

             GREAT! (Not vulnerable to DNS cache poisoning)

            ``````````End of Log````````````

            cis45x


              ComboFix Log
              « Reply #7 on: June 27, 2010, 09:34:07 PM »
              ComboFix 10-06-27.03 - Sandra 06/27/2010  22:19:07.2.1 - x86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.519 [GMT -5:00]
              Running from: c:\documents and settings\Sandra\My Documents\Downloads\commy.exe
              AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
              FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
              .

              (((((((((((((((((((((((((   Files Created from 2010-05-28 to 2010-06-28  )))))))))))))))))))))))))))))))
              .

              2010-06-28 02:52 . 2010-06-28 02:53   --------   d-----w-   c:\documents and settings\Bobby\Application Data\PCToolsFirewallPlus
              2010-06-27 19:58 . 2010-06-27 19:58   --------   d-----w-   c:\program files\Trend Micro
              2010-06-27 03:19 . 2010-06-27 03:19   503808   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcp71.dll
              2010-06-27 03:19 . 2010-06-27 03:19   499712   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\jmc.dll
              2010-06-27 03:19 . 2010-06-27 03:19   348160   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcr71.dll
              2010-06-27 03:19 . 2010-06-27 03:19   61440   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-sse.dll
              2010-06-27 03:19 . 2010-06-27 03:19   12800   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-d3d.dll
              2010-06-27 03:19 . 2010-06-27 03:18   411368   ----a-w-   c:\windows\system32\deployJava1.dll
              2010-06-26 16:48 . 2010-06-26 16:48   --------   d-----w-   c:\documents and settings\Sandra\Application Data\Malwarebytes
              2010-06-26 16:47 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2010-06-26 16:47 . 2010-06-26 16:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
              2010-06-26 16:43 . 2010-06-26 16:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2010-06-26 16:43 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2010-06-25 02:46 . 2010-05-21 19:14   221568   ------w-   c:\windows\system32\MpSigStub.exe
              2010-06-25 00:34 . 2010-06-25 00:34   63488   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
              2010-06-25 00:34 . 2010-06-25 00:34   52224   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
              2010-06-25 00:34 . 2010-06-25 00:34   117760   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
              2010-06-25 00:34 . 2010-06-25 00:34   --------   d-----w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com
              2010-06-25 00:34 . 2010-06-25 00:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
              2010-06-25 00:33 . 2010-06-25 00:33   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2010-06-25 00:06 . 2010-06-25 00:07   --------   d-----w-   c:\program files\CCleaner
              2010-06-24 23:55 . 2010-06-24 23:56   --------   d-----w-   c:\documents and settings\Sandra\Application Data\PCToolsFirewallPlus
              2010-06-24 01:59 . 2010-06-24 01:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\RegSERVO
              2010-06-24 01:47 . 2009-11-23 18:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
              2010-06-24 01:47 . 2009-11-09 16:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
              2010-06-24 01:47 . 2010-01-07 17:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
              2010-06-24 01:47 . 2010-06-24 01:47   --------   d-----w-   c:\program files\Common Files\PC Tools
              2010-06-24 01:47 . 2010-01-12 14:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
              2010-06-24 01:47 . 2010-01-07 16:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
              2010-06-24 01:47 . 2010-01-07 16:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
              2010-06-24 01:47 . 2010-01-13 13:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
              2010-06-24 01:47 . 2010-06-24 23:57   --------   d-----w-   c:\program files\PC Tools Firewall Plus
              2010-06-24 01:26 . 2010-06-24 01:26   --------   d-sh--w-   c:\documents and settings\Administrator\IECompatCache
              2010-06-24 01:25 . 2010-06-24 01:25   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
              2010-06-24 01:24 . 2010-06-24 01:24   73424   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              2010-06-22 04:55 . 2010-06-22 04:55   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
              2010-06-22 04:51 . 2010-06-22 04:52   --------   d-----w-   c:\program files\Microsoft Security Essentials
              2010-06-22 04:47 . 2010-06-22 04:47   --------   d-----w-   C:\76681267014789b6f130998a7b092a
              2010-06-22 04:46 . 2010-06-22 04:46   --------   d-----w-   C:\6c46460cc4353a7a5f30ff2463
              2010-06-22 04:45 . 2010-06-22 04:45   --------   d-----w-   C:\1e2df3c2d7506665fafd0372e8c7d1
              2010-06-22 04:35 . 2010-06-22 04:35   --------   d-----w-   C:\cf0812036585e0f292cd8391f11a33ca
              2010-06-22 04:15 . 2010-06-22 04:15   --------   d-----w-   C:\0497a1ce892cce9c6dfc0a02e6
              2010-06-22 03:38 . 2010-06-22 03:38   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
              2010-06-20 04:35 . 2010-06-22 02:39   0   ----a-w-   c:\windows\Thizozido.bin
              2010-06-20 04:33 . 2010-06-24 05:36   --------   d-----w-   c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe
              2010-06-18 01:47 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-06-28 03:01 . 2008-12-14 21:12   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
              2010-06-27 03:19 . 2005-11-29 05:23   --------   d-----w-   c:\program files\Common Files\Java
              2010-06-27 02:40 . 2005-11-29 05:23   --------   d-----w-   c:\program files\Java
              2010-06-25 00:26 . 2009-08-28 20:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\ATTToolbar
              2010-06-22 04:49 . 2005-11-29 05:53   --------   d-----w-   c:\program files\Common Files\Symantec Shared
              2010-06-22 04:45 . 2005-11-29 05:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
              2010-06-22 03:57 . 2008-12-14 21:07   --------   d-----w-   c:\program files\Norton Security Scan
              2010-06-22 03:32 . 2005-11-29 05:53   --------   d-----w-   c:\program files\Symantec
              2010-05-23 23:17 . 2010-05-23 23:17   503808   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcp71.dll
              2010-05-23 23:17 . 2010-05-23 23:17   499712   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\jmc.dll
              2010-05-23 23:17 . 2010-05-23 23:17   348160   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcr71.dll
              2010-05-06 10:41 . 2004-08-10 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
              2010-05-02 05:22 . 2004-08-10 12:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
              2010-04-20 05:30 . 2004-08-10 12:00   285696   ----a-w-   c:\windows\system32\atmfd.dll
              2010-03-31 05:16 . 2010-03-31 05:16   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
              2010-03-31 05:10 . 2010-03-31 05:10   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
              2006-07-20 02:28 . 2006-07-20 02:28   251   ----a-w-   c:\program files\wt3d.ini
              2007-06-21 23:38 . 2007-06-21 23:38   30280   ----a-w-   c:\program files\mozilla firefox\plugins\cgpcfg.dll
              2007-06-21 23:38 . 2007-06-21 23:38   79432   ----a-w-   c:\program files\mozilla firefox\plugins\CgpCore.dll
              2007-06-21 23:38 . 2007-06-21 23:38   71240   ----a-w-   c:\program files\mozilla firefox\plugins\confmgr.dll
              2007-06-21 23:38 . 2007-06-21 23:38   140872   ----a-w-   c:\program files\mozilla firefox\plugins\ctxmui.dll
              2007-06-21 23:39 . 2007-06-21 23:39   38472   ----a-w-   c:\program files\mozilla firefox\plugins\icafile.dll
              2007-06-21 23:39 . 2007-06-21 23:39   46664   ----a-w-   c:\program files\mozilla firefox\plugins\icalogon.dll
              2007-06-21 23:39 . 2007-06-21 23:39   34376   ----a-w-   c:\program files\mozilla firefox\plugins\logging.dll
              2007-06-21 23:39 . 2007-06-21 23:39   685640   ----a-w-   c:\program files\mozilla firefox\plugins\sslsdk_b.dll
              2007-06-21 23:40 . 2007-06-21 23:40   30280   ----a-w-   c:\program files\mozilla firefox\plugins\TcpPServ.dll
              2003-12-05 03:16 . 2006-03-20 05:39   69632   --sha-r-   c:\windows\lnchshll.exe
              2003-12-05 17:41 . 2006-03-20 05:39   368640   --sha-r-   c:\windows\lpcl.exe
              2003-12-05 03:16 . 2006-03-20 05:39   49152   --sha-r-   c:\windows\ScrnInt.exe
              2004-08-10 12:00 . 2004-08-10 12:00   94784   --sh--w-   c:\windows\twain.dll
              2008-04-14 00:12 . 2004-08-10 12:00   50688   --sh--w-   c:\windows\twain_32.dll
              2004-08-20 05:26 . 2004-08-20 05:26   1216   --sh--w-   c:\windows\Twunk_16.dll
              2004-08-20 05:26 . 2004-08-20 05:26   1216   --sh--w-   c:\windows\Twunk_32.dll
              2008-04-14 00:11 . 2004-08-10 12:00   1028096   --sha-w-   c:\windows\system32\mfc42.dll
              2008-04-14 00:12 . 2004-08-10 12:00   57344   --sh--w-   c:\windows\system32\msvcirt.dll
              2008-04-14 00:12 . 2004-08-10 12:00   413696   --sha-w-   c:\windows\system32\msvcp60.dll
              2008-04-14 00:12 . 2004-08-10 12:00   551936   --sh--w-   c:\windows\system32\oleaut32.dll
              2008-04-14 00:12 . 2004-08-10 12:00   11776   --sh--w-   c:\windows\system32\regsvr32.exe
              .

              (((((((((((((((((((((((((((((   SnapShot@2010-06-27_20.32.02   )))))))))))))))))))))))))))))))))))))))))
              .
              + 2010-06-28 02:54 . 2010-06-28 02:54   16384              c:\windows\Temp\Perflib_Perfdata_6e8.dat
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
              "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
              "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504]
              "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
              "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
              "HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
              "Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
              "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
              "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
              "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
              "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
              "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
              "MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2003-10-10 155648]
              "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
              "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
              "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056]
              "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
              "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
              "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
              "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
              "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-3-20 172032]
              HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
              NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-3-19 118784]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
              @="Service"

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
              "AllowInboundEchoRequest"= 1 (0x1)

              R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/23/2010 8:47 PM 233136]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
              R2 lpcl;lpcl;c:\windows\lpcl.exe [3/20/2006 12:39 AM 368640]
              R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [6/23/2010 8:47 PM 88040]
              R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 6:12 PM 102400]
              R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
              R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [6/23/2010 8:47 PM 70664]
              R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [6/23/2010 8:47 PM 58816]
              R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [6/23/2010 8:47 PM 115216]
              S2 pciinfo;HP Pci Information;\??\c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
              S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 9:54 AM 18864]
              S3 Net6IM;Net6;c:\windows\system32\DRIVERS\CAG_im51.sys --> c:\windows\system32\DRIVERS\CAG_im51.sys [?]
              S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28 PM 31768]
              .
              Contents of the 'Scheduled Tasks' folder

              2010-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

              2010-06-28 c:\windows\Tasks\MP Scheduled Scan.job
              - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.att.net
              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
              mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
              uInternet Settings,ProxyOverride = <local>
              uSearchAssistant = hxxp://www.google.com/ie
              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
              DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
              FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\v0znyxy7.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
              FF - prefs.js: network.proxy.type - 4
              FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
              FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

              ---- FIREFOX POLICIES ----
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
              c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
              c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2010-06-27 22:26
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?2?0?5??????? ???B?????????????hLC? ??????

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(800)
              c:\program files\SUPERAntiSpyware\SASWINLO.DLL
              c:\windows\system32\WININET.dll
              c:\windows\system32\Ati2evxx.dll

              - - - - - - - > 'explorer.exe'(14508)
              c:\windows\system32\WININET.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\webcheck.dll
              .
              Completion time: 2010-06-27  22:29:21
              ComboFix-quarantined-files.txt  2010-06-28 03:29
              ComboFix2.txt  2010-06-27 20:35

              Pre-Run: 38,784,167,936 bytes free
              Post-Run: 38,768,476,160 bytes free

              - - End Of File - - 034D137168A3027DEDD2556C3841487F

              SuperDave

              • Malware Removal Specialist
              • Moderator


              Re: Super Anti-Spyware Log
              « Reply #8 on: June 28, 2010, 01:14:16 PM »
              Please download the newest version of Adobe Acrobat Reader from Adobe.com

              Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
              Go to the Control Panel and enter Add or Remove Programs.
              Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

              Once old versions are gone, please install the newest version.

              =====================================

              Did you run the ComboFix script as instructed in Reply #5? If not, please do so and send me the log.
              Windows 8 and Windows 10 dual boot with two SSD's

              cis45x

                Topic Starter


                Rookie

                Re: Super Anti-Spyware Log
                « Reply #9 on: June 28, 2010, 09:35:25 PM »
                I had to run the ComboFix in Safe Mode; it was running a memory physical dump.  Here is my log after running the ComboFix with the script.

                ComboFix 10-06-27.06 - Sandra 06/28/2010  22:12:58.5.1 - x86 NETWORK
                Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.756 [GMT -5:00]
                Running from: c:\documents and settings\Sandra\My Documents\Downloads\commy.exe
                Command switches used :: c:\documents and settings\Sandra\My Documents\Downloads\CFScript.txt
                AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
                FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

                FILE ::
                "c:\windows\Thizozido.bin"
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                c:\windows\Thizozido.bin

                .
                (((((((((((((((((((((((((   Files Created from 2010-05-28 to 2010-06-29  )))))))))))))))))))))))))))))))
                .

                2010-06-29 02:48 . 2010-06-29 02:48   --------   d-----w-   c:\documents and settings\Default User\Local Settings\Application Data\Adobe
                2010-06-29 02:28 . 2010-06-29 02:28   53632   ----a-w-   c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
                2010-06-29 02:28 . 2010-06-29 02:28   --------   d-----w-   c:\program files\Common Files\Adobe AIR
                2010-06-29 02:21 . 2010-06-29 03:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
                2010-06-29 00:35 . 2010-06-29 00:35   --------   d-----w-   c:\documents and settings\Sandra\Local Settings\Application Data\PCHealth
                2010-06-28 02:52 . 2010-06-28 02:53   --------   d-----w-   c:\documents and settings\Bobby\Application Data\PCToolsFirewallPlus
                2010-06-27 19:58 . 2010-06-27 19:58   --------   d-----w-   c:\program files\Trend Micro
                2010-06-27 03:19 . 2010-06-27 03:19   503808   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcp71.dll
                2010-06-27 03:19 . 2010-06-27 03:19   499712   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\jmc.dll
                2010-06-27 03:19 . 2010-06-27 03:19   348160   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcr71.dll
                2010-06-27 03:19 . 2010-06-27 03:19   61440   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-sse.dll
                2010-06-27 03:19 . 2010-06-27 03:19   12800   ----a-w-   c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-d3d.dll
                2010-06-27 03:19 . 2010-06-27 03:18   411368   ----a-w-   c:\windows\system32\deployJava1.dll
                2010-06-26 16:48 . 2010-06-26 16:48   --------   d-----w-   c:\documents and settings\Sandra\Application Data\Malwarebytes
                2010-06-26 16:47 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2010-06-26 16:47 . 2010-06-26 16:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                2010-06-26 16:43 . 2010-06-26 16:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2010-06-26 16:43 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2010-06-25 02:46 . 2010-05-21 19:14   221568   ------w-   c:\windows\system32\MpSigStub.exe
                2010-06-25 00:34 . 2010-06-25 00:34   63488   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
                2010-06-25 00:34 . 2010-06-25 00:34   52224   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                2010-06-25 00:34 . 2010-06-25 00:34   117760   ----a-w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                2010-06-25 00:34 . 2010-06-25 00:34   --------   d-----w-   c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com
                2010-06-25 00:34 . 2010-06-25 00:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                2010-06-25 00:33 . 2010-06-25 00:33   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2010-06-25 00:06 . 2010-06-25 00:07   --------   d-----w-   c:\program files\CCleaner
                2010-06-24 23:55 . 2010-06-24 23:56   --------   d-----w-   c:\documents and settings\Sandra\Application Data\PCToolsFirewallPlus
                2010-06-24 01:59 . 2010-06-24 01:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\RegSERVO
                2010-06-24 01:47 . 2009-11-23 18:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
                2010-06-24 01:47 . 2009-11-09 16:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
                2010-06-24 01:47 . 2010-01-07 17:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
                2010-06-24 01:47 . 2010-06-24 01:47   --------   d-----w-   c:\program files\Common Files\PC Tools
                2010-06-24 01:47 . 2010-01-12 14:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
                2010-06-24 01:47 . 2010-01-07 16:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
                2010-06-24 01:47 . 2010-01-07 16:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
                2010-06-24 01:47 . 2010-01-13 13:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
                2010-06-24 01:47 . 2010-06-24 23:57   --------   d-----w-   c:\program files\PC Tools Firewall Plus
                2010-06-24 01:26 . 2010-06-24 01:26   --------   d-sh--w-   c:\documents and settings\Administrator\IECompatCache
                2010-06-24 01:25 . 2010-06-24 01:25   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
                2010-06-24 01:24 . 2010-06-24 01:24   73424   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                2010-06-22 04:55 . 2010-06-22 04:55   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
                2010-06-22 04:51 . 2010-06-22 04:52   --------   d-----w-   c:\program files\Microsoft Security Essentials
                2010-06-22 04:47 . 2010-06-22 04:47   --------   d-----w-   C:\76681267014789b6f130998a7b092a
                2010-06-22 04:46 . 2010-06-22 04:46   --------   d-----w-   C:\6c46460cc4353a7a5f30ff2463
                2010-06-22 04:45 . 2010-06-22 04:45   --------   d-----w-   C:\1e2df3c2d7506665fafd0372e8c7d1
                2010-06-22 04:35 . 2010-06-22 04:35   --------   d-----w-   C:\cf0812036585e0f292cd8391f11a33ca
                2010-06-22 04:15 . 2010-06-22 04:15   --------   d-----w-   C:\0497a1ce892cce9c6dfc0a02e6
                2010-06-22 03:38 . 2010-06-22 03:38   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
                2010-06-20 04:33 . 2010-06-24 05:36   --------   d-----w-   c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe
                2010-06-18 01:47 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2010-06-29 03:22 . 2008-12-14 21:12   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                2010-06-29 02:47 . 2006-03-09 03:55   --------   d-----w-   c:\program files\Common Files\Adobe
                2010-06-28 04:48 . 2009-08-28 20:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\ATTToolbar
                2010-06-27 03:19 . 2005-11-29 05:23   --------   d-----w-   c:\program files\Common Files\Java
                2010-06-27 02:40 . 2005-11-29 05:23   --------   d-----w-   c:\program files\Java
                2010-06-22 04:49 . 2005-11-29 05:53   --------   d-----w-   c:\program files\Common Files\Symantec Shared
                2010-06-22 04:45 . 2005-11-29 05:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
                2010-06-22 03:57 . 2008-12-14 21:07   --------   d-----w-   c:\program files\Norton Security Scan
                2010-06-22 03:32 . 2005-11-29 05:53   --------   d-----w-   c:\program files\Symantec
                2010-05-23 23:17 . 2010-05-23 23:17   503808   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcp71.dll
                2010-05-23 23:17 . 2010-05-23 23:17   499712   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\jmc.dll
                2010-05-23 23:17 . 2010-05-23 23:17   348160   ----a-w-   c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcr71.dll
                2010-05-06 10:41 . 2004-08-10 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
                2010-05-02 05:22 . 2004-08-10 12:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
                2010-04-20 05:30 . 2004-08-10 12:00   285696   ----a-w-   c:\windows\system32\atmfd.dll
                2010-03-31 05:16 . 2010-03-31 05:16   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
                2010-03-31 05:10 . 2010-03-31 05:10   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
                2006-07-20 02:28 . 2006-07-20 02:28   251   ----a-w-   c:\program files\wt3d.ini
                2007-06-21 23:38 . 2007-06-21 23:38   30280   ----a-w-   c:\program files\mozilla firefox\plugins\cgpcfg.dll
                2007-06-21 23:38 . 2007-06-21 23:38   79432   ----a-w-   c:\program files\mozilla firefox\plugins\CgpCore.dll
                2007-06-21 23:38 . 2007-06-21 23:38   71240   ----a-w-   c:\program files\mozilla firefox\plugins\confmgr.dll
                2007-06-21 23:38 . 2007-06-21 23:38   140872   ----a-w-   c:\program files\mozilla firefox\plugins\ctxmui.dll
                2007-06-21 23:39 . 2007-06-21 23:39   38472   ----a-w-   c:\program files\mozilla firefox\plugins\icafile.dll
                2007-06-21 23:39 . 2007-06-21 23:39   46664   ----a-w-   c:\program files\mozilla firefox\plugins\icalogon.dll
                2007-06-21 23:39 . 2007-06-21 23:39   34376   ----a-w-   c:\program files\mozilla firefox\plugins\logging.dll
                2007-06-21 23:39 . 2007-06-21 23:39   685640   ----a-w-   c:\program files\mozilla firefox\plugins\sslsdk_b.dll
                2007-06-21 23:40 . 2007-06-21 23:40   30280   ----a-w-   c:\program files\mozilla firefox\plugins\TcpPServ.dll
                2003-12-05 03:16 . 2006-03-20 05:39   69632   --sha-r-   c:\windows\lnchshll.exe
                2003-12-05 17:41 . 2006-03-20 05:39   368640   --sha-r-   c:\windows\lpcl.exe
                2003-12-05 03:16 . 2006-03-20 05:39   49152   --sha-r-   c:\windows\ScrnInt.exe
                2004-08-10 12:00 . 2004-08-10 12:00   94784   --sh--w-   c:\windows\twain.dll
                2008-04-14 00:12 . 2004-08-10 12:00   50688   --sh--w-   c:\windows\twain_32.dll
                2004-08-20 05:26 . 2004-08-20 05:26   1216   --sh--w-   c:\windows\Twunk_16.dll
                2004-08-20 05:26 . 2004-08-20 05:26   1216   --sh--w-   c:\windows\Twunk_32.dll
                2008-04-14 00:11 . 2004-08-10 12:00   1028096   --sha-w-   c:\windows\system32\mfc42.dll
                2008-04-14 00:12 . 2004-08-10 12:00   57344   --sh--w-   c:\windows\system32\msvcirt.dll
                2008-04-14 00:12 . 2004-08-10 12:00   413696   --sha-w-   c:\windows\system32\msvcp60.dll
                2008-04-14 00:12 . 2004-08-10 12:00   551936   --sh--w-   c:\windows\system32\oleaut32.dll
                2008-04-14 00:12 . 2004-08-10 12:00   11776   --sh--w-   c:\windows\system32\regsvr32.exe
                .

                ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                ---- Directory of c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe ----



                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
                "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
                "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504]
                "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
                "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
                "HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
                "Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
                "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
                "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
                "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
                "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
                "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
                "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
                "MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2003-10-10 155648]
                "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
                "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
                "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056]
                "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
                "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
                "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
                "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
                "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
                "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-3-20 172032]
                HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
                NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-3-19 118784]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                @="Service"

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                "c:\\Program Files\\iTunes\\iTunes.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
                "AllowInboundEchoRequest"= 1 (0x1)

                R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/23/2010 8:47 PM 233136]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
                R2 lpcl;lpcl;c:\windows\lpcl.exe [3/20/2006 12:39 AM 368640]
                R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [6/23/2010 8:47 PM 88040]
                R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 6:12 PM 102400]
                R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
                R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [6/23/2010 8:47 PM 70664]
                R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [6/23/2010 8:47 PM 58816]
                R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [6/23/2010 8:47 PM 115216]
                S2 pciinfo;HP Pci Information;\??\c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
                S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 9:54 AM 18864]
                S3 Net6IM;Net6;c:\windows\system32\DRIVERS\CAG_im51.sys --> c:\windows\system32\DRIVERS\CAG_im51.sys [?]
                S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28 PM 31768]
                .
                Contents of the 'Scheduled Tasks' folder

                2010-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

                2010-06-29 c:\windows\Tasks\MP Scheduled Scan.job
                - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.att.net
                uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
                uInternet Settings,ProxyOverride = <local>
                uSearchAssistant = hxxp://www.google.com/ie
                uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\v0znyxy7.default\
                FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
                FF - prefs.js: network.proxy.type - 4
                FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
                FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                ---- FIREFOX POLICIES ----
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
                c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
                .

                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2010-06-28 22:22
                Windows 5.1.2600 Service Pack 3 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(1124)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll
                c:\windows\system32\Ati2evxx.dll

                - - - - - - - > 'explorer.exe'(4264)
                c:\windows\system32\WININET.dll
                c:\windows\system32\ieframe.dll
                c:\windows\system32\webcheck.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\windows\system32\Ati2evxx.exe
                c:\program files\Microsoft Security Essentials\MsMpEng.exe
                c:\windows\system32\Ati2evxx.exe
                c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                c:\program files\Bonjour\mDNSResponder.exe
                c:\windows\eHome\ehRecvr.exe
                c:\windows\eHome\ehSched.exe
                c:\program files\Java\jre6\bin\jqs.exe
                c:\program files\Common Files\LightScribe\LSSrvc.exe
                c:\program files\Common Files\Motive\McciCMService.exe
                c:\program files\PC Tools Firewall Plus\FWService.exe
                c:\windows\system32\HPZipm12.exe
                c:\windows\ehome\mcrdsvc.exe
                c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
                c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
                c:\windows\system32\dllhost.exe
                c:\windows\system32\wscntfy.exe
                c:\program files\iPod\bin\iPodService.exe
                c:\windows\eHome\ehmsas.exe
                c:\program files\HPQ\SHARED\HPQWMI.exe
                .
                **************************************************************************
                .
                Completion time: 2010-06-28  22:29:42 - machine was rebooted
                ComboFix-quarantined-files.txt  2010-06-29 03:29
                ComboFix2.txt  2010-06-28 03:29
                ComboFix3.txt  2010-06-27 20:35

                Pre-Run: 37,172,535,296 bytes free
                Post-Run: 37,158,219,776 bytes free

                - - End Of File - - FE582E01464266889D9389BD4DA18118

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Super Anti-Spyware Log
                « Reply #10 on: June 29, 2010, 11:16:54 AM »
                What issues were you having with your computer? Are they still occurring?
                Windows 8 and Windows 10 dual boot with two SSD's

                cis45x


                  Re: Super Anti-Spyware Log
                  « Reply #11 on: June 29, 2010, 11:54:24 AM »
                  I believe that it is working ok. I need to check the applications and other user accounts to make sure. Thank you so much for your help in resolving these issues.

                  SuperDave

                  Re: Super Anti-Spyware Log
                  « Reply #12 on: June 29, 2010, 12:11:32 PM »
                  Please run one more scan for me and if it comes up negative, we'll do some clean-up.

                  I'd like us to scan your machine with ESET OnlineScan

                  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                  • Click the button.
                  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                  • Check
                  • Click the button.
                  • Accept any security warnings from your browser.
                  • Check
                  • Push the Start button.
                  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                  • When the scan completes, push
                  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                  • Push the button.
                  • Push
                  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


                  cis45x


                    Re: Super Anti-Spyware Log
                    « Reply #13 on: July 02, 2010, 05:21:43 PM »
                    I ran the ESET Online scanner with both the Remove Found Threats and Scan Archives checked and no threats were found.

                    Looks like it's working well. Thanks again for all your help.

                    SuperDave

                    Re: Super Anti-Spyware Log
                    « Reply #14 on: July 02, 2010, 05:24:50 PM »
                    Ok. That sounds good. Let's do some clean-up.

                    * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                    * Now type commy /uninstall in the runbox
                    * Make sure there's a space between commy and /Uninstall
                    * Then hit Enter

                    * The above procedure will:
                    * Delete the following:
                    * ComboFix and its associated files and folders.
                    * Reset the clock settings.
                    * Hide file extensions, if required.
                    * Hide System/Hidden files, if required.
                    * Set a new, clean Restore Point.

                    ============================

                    Download OTC by OldTimer and save it to your desktop.

                    1. Double-click OTC to run it.
                    2. Click the CleanUp! button.
                    3. Select Yes when the "Begin cleanup Process?" prompt appears.
                    4. If you are prompted to Reboot during the cleanup, select Yes
                    5. OTC should delete itself once it finishes; if not, delete it yourself.

                    =============================

                    Clean out your temporary internet files and temp files.

                    Download TFC by OldTimer to your desktop.

                    Double-click TFC.exe to run it.

                    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                    TFC will close all programs when run, so make sure you have saved all your work before you begin.

                    * Click the Start button to begin the cleaning process.
                    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                    * Please let TFC run uninterrupted until it is finished.

                    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                    =================================

                    Use the Secunia Software Inspector to check for out of date software.

                    • Click Start Now
                    • Check the box next to Enable thorough system inspection.
                    • Click Start
                    • Allow the scan to finish and scroll down to see if any updates are needed.
                    • Update anything listed.
                    ----------

                    Go to Microsoft Windows Update and get all critical updates.

                    ----------

                    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                    * Using SpywareBlaster to protect your computer from Spyware and Malware
                    * If you don't know what ActiveX controls are, see here

                    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                    Safe Surfing!
