Yahoo Msg will not open ....can anybody sort this issue out ? w/log

[miolner1]

Hello to all,

Hello to all,


I have a niggling little problem with my yahoo msg that will not open : it will basically kick me back each time to the signon screen and leave me there. Now this situation did not arise before and yahoo msg would pretty much open by itself and I had the option to close the programupon auto opening. All was working fine up till a few days ago and now I have no idea what is going on .....I provided a log here to help you guys have a look at the opening events and if there is some issue with a firewall or two as thats what the yahoo msg will show in an error msg box upon retry of opening the program...what gets me is that its possibly something really small but pesky all the same thats causing this problem ....I will let you see if you can see anything wrong and maybe instruct me on how to fix it .....again much appreciation to you all if we can sort this one out

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:47 PM, on 9/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\ISPCOMP\InstallService.exe
C:\Program Files\Common Files\AOL\1217722696\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1217722696\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {b969d37f-881d-44de-b227-c44e633b7c2c} - C:\WINDOWS\default32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

******************************************
I strongly recommend that you remove Ask from your computer because it;

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

•AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.

******************************************

C:\Program Files\alot is a malicious program and should also be un-installed.

****************************************************

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

**************************************
According to your log, your Anti-Virus (AVG) is out-of-date. Please update it before running these next scans.

************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************
Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

[miolner1]

Okay, here is the first log as requested...again thanks for putting in the time to help me resolve this issue.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4558

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/6/2010 9:11:04 PM
mbam-log-2010-09-06 (21-11-04).txt

Scan type: Quick scan
Objects scanned: 142432
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CONNECT (Trojan.PornDialer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\My Documents\downloads\install_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Antivirus Scan.URL (Rogue.Link) -> Quarantined and deleted successfully.

[miolner1]

and the second log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/06/2010 at 08:18 PM

Application Version : 4.42.1000

Core Rules Database Version : 5461
Trace Rules Database Version: 3273

Scan type       : Complete Scan
Total Scan Time : 02:03:50

Memory items scanned      : 561
Memory threats detected   : 0
Registry items scanned    : 6824
Registry threats detected : 9
File items scanned        : 72754
File threats detected     : 1026

Adware.Tracking Cookie
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][4].txt
   C:\Documents and Settings\User\Cookies\[email protected][4].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@123stat[2].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][4].txt
   C:\Documents and Settings\User\Cookies\user@insightexpressai[8].txt
   C:\Documents and Settings\User\Cookies\user@imrworldwide[1].txt
   C:\Documents and Settings\User\Cookies\user@tacoda[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][8].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@media6degrees[3].txt
   C:\Documents and Settings\User\Cookies\user@adbrite[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\user@specificmedia[3].txt
   C:\Documents and Settings\User\Cookies\user@yieldmanager[3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@fastclick[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@gaypornblog[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@discountanabolics[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@thefind[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@ru4[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][5].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@adecn[4].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@adxpose[1].txt
   C:\Documents and Settings\User\Cookies\user@invitemedia[1].txt
   C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt
   C:\Documents and Settings\User\Cookies\user@smileycentral[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@clickshift[1].txt
   C:\Documents and Settings\User\Cookies\user@atdmt[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@advertising[1].txt
   C:\Documents and Settings\User\Cookies\user@azjmp[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@dmtracker[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@doubleclick[3].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@interclick[5].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@adlegend[2].txt
   C:\Documents and Settings\User\Cookies\user@asianteenpictureclub[1].txt
   C:\Documents and Settings\User\Cookies\user@atwola[8].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@legolas-media[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@2o7[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@serving-sys[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][5].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\user@fastclick[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@checkstat[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@espnmediazone3[1].txt
   C:\Documents and Settings\User\Cookies\user@findarticles[1].txt
   C:\Documents and Settings\User\Cookies\user@pro-market[1].txt
   C:\Documents and Settings\User\Cookies\user@adtech[1].txt
   C:\Documents and Settings\User\Cookies\user@trackalyzer[1].txt
   C:\Documents and Settings\User\Cookies\user@roiservice[1].txt
   C:\Documents and Settings\User\Cookies\user@w3track[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][6].txt
   C:\Documents and Settings\User\Cookies\user@pornhub[1].txt
   C:\Documents and Settings\User\Cookies\user@clickbank[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][5].txt
   C:\Documents and Settings\User\Cookies\user@tripod[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@burstnet[2].txt
   C:\Documents and Settings\User\Cookies\user@sextracker[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@andomedia[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@adult[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][4].txt
   C:\Documents and Settings\User\Cookies\user@eyewonder[2].txt
   C:\Documents and Settings\User\Cookies\user@trafficregenerator[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@discountsupplements[1].txt
   C:\Documents and Settings\User\Cookies\user@amex-insights[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@lockedonmedia[3].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@bizrate[3].txt
   C:\Documents and Settings\User\Cookies\user@adultadworld[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@asianmedia[2].txt
   C:\Documents and Settings\User\Cookies\user@mediav[1].txt
   C:\Documents and Settings\User\Cookies\user@bravenet[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@invitemedia[4].txt
   C:\Documents and Settings\User\Cookies\user@xiti[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@spylog[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@publicrecordfinder[1].txt
   C:\Documents and Settings\User\Cookies\user@adinterax[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][4].txt
   C:\Documents and Settings\User\Cookies\user@publicsexjapan[1].txt
   C:\Documents and Settings\User\Cookies\user@smartadserver[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@intermundomedia[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@tradedoubler[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][6].txt
   C:\Documents and Settings\User\Cookies\user@mediabum[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@mediaforgews[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\user@qksrv[2].txt
   C:\Documents and Settings\User\Cookies\user@myroitracking[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@click2go[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][8].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@steelhousemedia[2].txt
   C:\Documents and Settings\User\Cookies\user@tubepornvidz[2].txt
   C:\Documents and Settings\User\Cookies\user@clickz[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][7].txt
   C:\Documents and Settings\User\Cookies\user@porn[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@kanoodle[2].txt
   C:\Documents and Settings\User\Cookies\user@trafficmp[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@lfstmedia[2].txt
   C:\Documents and Settings\User\Cookies\user@apmebf[6].txt
   C:\Documents and Settings\User\Cookies\user@weborama[1].txt
   C:\Documents and Settings\User\Cookies\user@qnsr[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][6].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@revsci[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@kontera[2].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@accountingblock[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@collective-media[4].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\user@bluestreak[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@tacoda[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@sanmateocountyfair[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@lucidmedia[1].txt
   C:\Documents and Settings\User\Cookies\user@adecn[6].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\user@specificclick[10].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@toplist[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[2].txt
   C:\Documents and Settings\User\Cookies\user@discountfact[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@adultdvdtalk[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][3].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[10].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@pointroll[2].txt
   C:\Documents and Settings\User\Cookies\user@adxpansion[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@mediaforge[1].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[3].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[9].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@traveladvertising[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@pornadept[1].txt
   C:\Documents and Settings\User\Cookies\user@backcountry[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[6].txt
   C:\Documents and Settings\User\Cookies\user@mediadakine[1].txt
   C:\Documents and Settings\User\Cookies\user@byuaccounting[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@revenue[2].txt
   C:\Documents and Settings\User\Cookies\user@kleankanteen[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected]*censored*-mall[1].txt
   C:\Documents and Settings\User\Cookies\user@gradimages[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@sexasian18[2].txt
   C:\Documents and Settings\User\Cookies\user@dealtime[1].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[7].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@naiadsystems[1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\user@specificmedia[8].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@linksynergy[1].txt
   C:\Documents and Settings\User\Cookies\user@shefinds[2].txt
   C:\Documents and Settings\User\Cookies\user@pornvidzz[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@edgeadx[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@peoplefinders[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@statcounter[4].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@yadro[1].txt
   C:\Documents and Settings\User\Cookies\user@porn234[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[5].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@nextag[3].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@wawporn[1].txt
   C:\Documents and Settings\User\Cookies\user@2o7[2].txt
   C:\Documents and Settings\User\Cookies\user@superstats[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@mediabrandsww[1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@pornordie[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\user@webstat[2].txt
   C:\Documents and Settings\User\Cookies\user@accountancyagejobs[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[1].txt
   C:\Documents and Settings\User\Cookies\user@realmedia[1].txt
   C:\Documents and Settings\User\Cookies\user@discountdance[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][10].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\user@insightexpressai[5].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@www.*censored*[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[11].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@adxpansion[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@fortunecity[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@everglowmedia[1].txt
   C:\Documents and Settings\User\Cookies\user@petfinder[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@webpower[1].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[8].txt
   C:\Documents and Settings\User\Cookies\[email protected][11].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\user@homeinsight[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@lynxtrack[1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][5].txt
   C:\Documents and Settings\User\Cookies\user@adultdvdpacific[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@mediablvd[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][10].txt
   C:\Documents and Settings\User\Cookies\[email protected][5].txt
   C:\Documents and Settings\User\Cookies\user@adultfriendfinder[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@porndad[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@*censored*[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@accountonline[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@liveperson[4].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@elitechoice[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@greentechmedia[1].txt
   C:\Documents and Settings\User\Cookies\user@*censored*.122.2o7[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][6].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@popularscreensavers[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@chitika[5].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][7].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][9].txt
   C:\Documents and Settings\User\Cookies\user@adbrite[1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][6].txt
   C:\Documents and Settings\User\Cookies\[email protected][9].txt
   C:\Documents and Settings\User\Cookies\user@hornymatches[2].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@accountemps[1].txt
   C:\Documents and Settings\User\Cookies\user@casalemedia[2].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\user@accounting-financial-tax[1].txt
   C:\Documents and Settings\User\Cookies\user@teenbodybuilding[1].txt
   C:\Documents and Settings\User\Cookies\user@dancediscount[2].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\user@hitbox[1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\[email protected][2].txt
   C:\Documents and Settings\User\Cookies\user@vcdiscounter[1].txt
   C:\Documents and Settings\User\Cookies\[email protected]
   C:\Documents and Settings\User\Cookies\user@pornvisit[1].txt
   C:\Documents and Settings\User\Cookies\[email protected][4].txt
   C:\Documents and Settings\User\Cookies\[email protected][1].txt
   a.ads2.msads.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   adbureau.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   ads1.msn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   ads2.msads.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   ads2.msn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   b.ads2.msads.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   bannerfarm.ace.advertising.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   bbca.channelfinder.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   cdn2.invitemedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   cdn4.specificclick.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   content.yieldmanager.edgesuite.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   convoad.technoratimedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   core.insightexpressai.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   ds.serving-sys.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   ec.atdmt.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   googleads.g.doubleclick.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   ia.media-imdb.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   insight.randomhouse.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   interclick.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   m1.2mdn.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   macromedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media-cdn.pictela.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media-macys2.pictela.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media-mars.pictela.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.jambocast.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.mtvnservices.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.mtvu.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.nbcsandiego.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.onsugar.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.podaddies.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.resulthost.org [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.scanscout.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.tattomedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media.thewb.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media01.kyte.tv [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media1.break.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   media10.washingtonpost.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   mediaforgews.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   msnbcmedia.msn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   msntest.serving-sys.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   naiadsystems.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   objects.tremormedia.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   opti.21mediaentertainment.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   richmedia247.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   s0.2mdn.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   sb3nru46o30.members.idols69.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   secure-uk.imrworldwide.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   secure-us.imrworldwide.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   serving-sys.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   spe.atdmt.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   static.2mdn.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   tour.pornclassics.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   udn.specificclick.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   www.classicpornlinks.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   www.crackle.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   www.media.christian-bale.org [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   www.naiadsystems.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   www.porn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   www.pornhub.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   www.theclassicporn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   www.ziporn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   wwwstatic.megaporn.com [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   yieldmanager.edgesuite.net [ C:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\KX8GGUV9 ]
   .a1.interclick.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adcentriconline.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adinterax.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adinterax.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adlegend.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adopt.specificclick.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.pointroll.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.pointroll.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.pointroll.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.pointroll.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.pointroll.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ads.pointroll.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adserv.brandaffinity.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adserver.adtechus.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .adserving.cpxinteractive.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .*adult URL* [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .amazonservices.122.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .apmebf.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .asiafriendfinder.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .asiafriendfinder.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .asiafriendfinder.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .at.atwola.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .bellglobemediapublishing.122.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .bonniercorp.122.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .buycom.122.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .californiastateautomobileassociation.1 12.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .caselaw.lp.findlaw.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .cbs.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .cbsdigitalmedia.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .cengagelearning.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .cgm.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .chicagosuntimes.122.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .clicks.adengage.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .clickshift.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .collective-media.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .dc.tremormedia.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .dmtracker.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .dtag.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .eas.apm.emediate.eu [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .eas.apm.emediate.eu [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .edge.ru4.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .electronicarts.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .elitefitness.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .eyewonder.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .findarticles.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .findarticles.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .findarticles.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .findinternettv.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .gsicace.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .hearstmagazines.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .hornymatches.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .hornystyle.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .iacas-s.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .iacas.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .iacas.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .iacas.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .iacas.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .iacsb1.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .imediac.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .imediac.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .imediaconnection.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .imediaconnection.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .imrworldwide.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .imrworldwide.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .insightexpressai.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .interclick.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .interclick.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .invitemedia.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .invitemedia.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .invitemedia.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .invitemedia.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .kontera.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .likecrack.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .link.mercent.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .linksynergy.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .linksynergy.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .linksynergy.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .media.legacy.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .media.mtvnservices.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .msnaccountservices.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .msnbc.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .network.realmedia.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .nextag.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .nextag.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .nextag.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .nextag.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .pornoinside.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .*censored*.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .qnsr.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .rotator.adjuggler.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .rotator.adjuggler.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .rotator.adjuggler.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .s.clickability.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .s.clickability.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .safeway.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .sfadvertiser.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .singletracks.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .singletracks.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .sixapart.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .sixapart.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .sixpackabsexercises.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .sparknetworks.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .statcounter.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .statcounter.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .statcounter.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .statcounter.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .thebestporn.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .thefind.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .thefind.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .torontoseeker.com [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .trinitymirror.112.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .ussearch.122.2o7.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .viacom.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .viacom.adbureau.net [ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\cookies.sqlite ]
   .viacom.adbureau.net [

[miolner1]

and last but not least :

Results of screen317's Security Check version 0.99.5 
 Windows XP Service Pack 3 
 Internet Explorer 8 
 Error creating install.txt after 3 tries! Trying alternate method...
 Error creating Process List-- tell your Helper
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
```````````````````````````````
Anti-malware/Other Utilities Check:
````````````````````````````````
Process Check: 
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

[SuperDave]

Did you update your AV program as instructed?

Download ComboFix by sUBs from one of the below links. 

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

[miolner1]

SuperD, I went ahead and updated my virus protection for AVG....also this is the log from combofix......how does it look now?

ComboFix 10-09-07.03 - User 09/08/2010  11:16:34.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.241 [GMT -7:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Recent\Thumbs.db
C:\LOG190.tmp
C:\LOG611.tmp
C:\LOGDA.tmp
C:\LOGDF.tmp
C:\LOGE1.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\jestertb.dll

.
(((((((((((((((((((((((((   Files Created from 2010-08-08 to 2010-09-08  )))))))))))))))))))))))))))))))
.

2010-09-07 23:48 . 2010-09-07 23:48   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:10 . 2010-09-07 01:10   63488   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10   52224   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10   117760   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-07 23:14   --------   d-----w-   c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-08 06:47   --------   d-----w-   c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-08 00:28   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:26 . 2010-08-25 04:28   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26   --------   d-----r-   c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2010-08-12 07:04 . 2010-08-12 07:07   --------   d-----w-   C:\2c2772b9e2d7dcf05a4252b8ab

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 23:26 . 2001-01-31 21:18   --------   d-----w-   c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\program files\COMODO
2010-08-25 04:31 . 2004-11-21 02:35   --------   d-----w-   c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2010-08-21 01:11 . 2008-08-02 20:40   42816   ----a-w-   c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 05:47 . 2010-07-31 05:47   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-30 12:31 . 2004-11-21 00:04   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-21 00:04   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-11-21 01:19   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-21 00:04   1172480   ----a-w-   c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00   57344   -c--a-w-   c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35   50528   ----a-w-   c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50   71216   ----a-r-   c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21   114688   -c--a-w-   c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23   278264   -c--a-w-   c:\program files\COMODO\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17   53248   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32   19456   -c--a-w-   c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32   19968   -c--a-w-   c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16   42032   ----a-w-   c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27   126976   -c--a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31   155648   -c--a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12   32768   -c--a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05   5406720   ----a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52   54576   -c--a-w-   c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50   26112   ----a-w-   c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19   28672   -c--a-w-   c:\windows\system32\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12   184320   ----a-w-   c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20   167936   ----a-w-   c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08   28672   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54   151552   ----a-w-   c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 01:43   4670704   ----a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
S2 dkohxnk;Update Universal;c:\windows\system32\svchost.exe -k netsvcs [11/20/2004 5:04 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S2 rvjuka;System Windows;c:\windows\system32\svchost.exe -k netsvcs [11/20/2004 5:04 PM 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
dkohxnk
rvjuka
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = home.netscape.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NetscapeClient - (no file)
MSConfigStartUp-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
MSConfigStartUp-Mouse Suite 98 Daemon - ICO.EXE
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030003



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 11:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkohxnk]
"ServiceDll"="c:\windows\system32\zkfibbc.dll"
--

[SuperDave]

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

*********************************

This does not appear to be the full log for ComboFix. Could you please run it again and post the log.

[miolner1]

This is the most recent combofix log :

ComboFix 10-09-08.01 - User 09/08/2010  17:14:28.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.417 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((   Files Created from 2010-08-09 to 2010-09-09  )))))))))))))))))))))))))))))))
.

2010-09-07 23:48 . 2010-09-07 23:48   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:10 . 2010-09-07 01:10   63488   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10   52224   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10   117760   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-07 23:14   --------   d-----w-   c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-08 06:47   --------   d-----w-   c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-08 00:28   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:26 . 2010-08-25 04:28   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26   --------   d-----r-   c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2010-08-12 07:04 . 2010-08-12 07:07   --------   d-----w-   C:\2c2772b9e2d7dcf05a4252b8ab

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 00:12 . 2010-09-09 00:12   --------   d-----w-   c:\program files\MetaStream
2010-09-07 23:26 . 2001-01-31 21:18   --------   d-----w-   c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\program files\COMODO
2010-08-25 04:31 . 2004-11-21 02:35   --------   d-----w-   c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2010-08-21 01:11 . 2008-08-02 20:40   42816   ----a-w-   c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 05:47 . 2010-07-31 05:47   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-30 12:31 . 2004-11-21 00:04   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-21 00:04   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-11-21 01:19   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-21 00:04   1172480   ----a-w-   c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00   57344   -c--a-w-   c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35   50528   ----a-w-   c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50   71216   ----a-r-   c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21   114688   -c--a-w-   c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23   278264   -c--a-w-   c:\program files\COMODO\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17   53248   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32   19456   -c--a-w-   c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32   19968   -c--a-w-   c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16   42032   ----a-w-   c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27   126976   -c--a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31   155648   -c--a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12   32768   -c--a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05   5406720   ----a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52   54576   -c--a-w-   c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50   26112   ----a-w-   c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19   28672   -c--a-w-   c:\windows\system32\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12   184320   ----a-w-   c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20   167936   ----a-w-   c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08   28672   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54   151552   ----a-w-   c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 01:43   4670704   ----a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
S2 dkohxnk;Update Universal;c:\windows\system32\svchost.exe -k netsvcs [11/20/2004 5:04 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S2 rvjuka;System Windows;c:\windows\system32\svchost.exe -k netsvcs [11/20/2004 5:04 PM 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
dkohxnk
rvjuka
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = home.netscape.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
------- File Associations -------
.
.scr=REG_SZ         
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 17:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkohxnk]
"ServiceDll"="c:\windows\system32\zkfibbc.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rvjuka]
"ServiceDll"="c:\windows\system32\zkfibbc.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\WININET.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-08  17:22:56
ComboFix-quarantined-files.txt  2010-09-09 00:22
ComboFix2.txt  2010-09-08 18:27

Pre-Run: 43,316,379,648 bytes free
Post-Run: 43,323,912,192 bytes free

- - End Of File - - 0B216D6F8340B641DA9DBAE06C76C18B

[SuperDave]

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

[miolner1]

Dave, here is the Rootrepeal log as requested:


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/09/10 12:59
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys
Address: 0xF7A24000   Size: 31744   File Visible: No   Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9BFE000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BCC000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys
Address: 0xF7924000   Size: 20864   File Visible: No   Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF7BF4000   Size: 7872   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9C87000   Size: 49152   File Visible: No   Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\vetlog.txt
Status: Size mismatch (API: 3459032, Raw: 3456235)

Path: c:\windows\temp\11521233-e01b-42e5-b421-00dfffd94be2.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\documents and settings\all users\application data\aol\c_aol 9.1\shellmon.ph
Status: Size mismatch (API: 5220, Raw: 3023)

Hidden Services
-------------------
Service Name: dkohxnk
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: rvjuka
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

==EOF==

[SuperDave]

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  KillAll::
  
  File::
  c:\windows\temp\11521233-e01b-42e5-b421-00dfffd94be2.tmp
  
  NetSvc::
  dkohxnk
  rvjuka
  
  Driver::
  dkohxnk
  rvjuka
  
  File::
  c:\windows\system32\zkfibbc.dll
  
  Registry::
  [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkohxnk]
  [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rvjuka]
  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

[miolner1]

The latest combofix log for you Dave:

ComboFix 10-09-08.01 - User 09/10/2010  22:05:34.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.507 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\zkfibbc.dll"
"c:\windows\temp\11521233-e01b-42e5-b421-00dfffd94be2.tmp"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DKOHXNK
-------\Legacy_RVJUKA
-------\Service_dkohxnk
-------\Service_rvjuka


(((((((((((((((((((((((((   Files Created from 2010-08-11 to 2010-09-11  )))))))))))))))))))))))))))))))
.

2010-09-10 19:58 . 2010-09-10 19:58   0   ----a-w-   c:\documents and settings\User\settings.dat
2010-09-09 21:55 . 2009-10-07 08:47   266008   ----a-r-   c:\windows\system32\drivers\lvrs.sys
2010-09-09 21:55 . 2009-10-07 08:24   34068   ----a-r-   c:\windows\system32\Repository.reg
2010-09-09 21:55 . 2009-10-07 08:48   539160   ----a-r-   c:\windows\system32\LVUI2RC.dll
2010-09-09 21:55 . 2009-10-07 08:48   539160   ----a-r-   c:\windows\system32\LVUI2.dll
2010-09-09 21:55 . 2009-10-07 08:43   199192   ----a-r-   c:\windows\system32\lvci12101110.dll
2010-09-09 21:55 . 2009-10-07 08:43   416280   ----a-r-   c:\windows\system32\lvcodec2.dll
2010-09-09 21:55 . 2009-10-07 08:49   6756632   ----a-r-   c:\windows\system32\drivers\lvuvc.sys
2010-09-09 21:41 . 2010-09-09 21:41   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\LogiShrd
2010-09-09 21:39 . 2009-10-07 08:49   23832   ----a-r-   c:\windows\system32\drivers\lvuvcflt.sys
2010-09-09 21:39 . 2010-09-09 21:40   --------   dc----w-   c:\windows\system32\DRVSTORE
2010-09-09 21:37 . 2010-09-09 21:55   --------   d-----w-   c:\program files\Common Files\LogiShrd
2010-09-09 21:37 . 2010-09-10 22:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\LogiShrd
2010-09-09 21:37 . 2010-09-09 21:41   --------   d-----w-   c:\program files\Logitech
2010-09-09 21:37 . 2008-04-13 18:39   5504   -c--a-w-   c:\windows\system32\dllcache\mstee.sys
2010-09-09 21:37 . 2008-04-13 18:39   5504   ----a-w-   c:\windows\system32\drivers\MSTEE.sys
2010-09-09 21:37 . 2008-04-13 18:46   10880   -c--a-w-   c:\windows\system32\dllcache\ndisip.sys
2010-09-09 21:37 . 2008-04-13 18:46   10880   ----a-w-   c:\windows\system32\drivers\NdisIP.sys
2010-09-09 21:36 . 2008-04-13 18:46   15232   -c--a-w-   c:\windows\system32\dllcache\streamip.sys
2010-09-09 21:36 . 2008-04-13 18:46   15232   ----a-w-   c:\windows\system32\drivers\StreamIP.sys
2010-09-09 21:36 . 2008-04-13 18:46   11136   -c--a-w-   c:\windows\system32\dllcache\slip.sys
2010-09-09 21:36 . 2008-04-13 18:46   11136   ----a-w-   c:\windows\system32\drivers\SLIP.sys
2010-09-09 21:36 . 2008-04-13 18:46   19200   -c--a-w-   c:\windows\system32\dllcache\wstcodec.sys
2010-09-09 21:36 . 2008-04-13 18:46   19200   ----a-w-   c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-09 21:36 . 2008-04-13 18:46   85248   -c--a-w-   c:\windows\system32\dllcache\nabtsfec.sys
2010-09-09 21:36 . 2008-04-13 18:46   85248   ----a-w-   c:\windows\system32\drivers\NABTSFEC.sys
2010-09-09 21:36 . 2008-04-13 18:46   17024   -c--a-w-   c:\windows\system32\dllcache\ccdecode.sys
2010-09-09 21:36 . 2008-04-13 18:46   17024   ----a-w-   c:\windows\system32\drivers\CCDECODE.sys
2010-09-09 21:36 . 2008-04-13 18:45   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
2010-09-09 21:36 . 2008-04-13 18:45   60032   ----a-w-   c:\windows\system32\drivers\USBAUDIO.sys
2010-09-09 21:35 . 2008-04-14 00:12   53760   -c--a-w-   c:\windows\system32\dllcache\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-14 00:12   53760   ----a-w-   c:\windows\system32\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-13 18:45   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2010-09-09 21:35 . 2008-04-13 18:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2010-09-09 00:12 . 2010-09-09 00:12   --------   d-----w-   c:\program files\MetaStream
2010-09-07 23:48 . 2010-09-07 23:48   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-11 01:43   --------   d-----w-   c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-11 05:20   --------   d-----w-   c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-08 00:28   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:26 . 2010-08-25 04:28   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26   --------   d-----r-   c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2010-08-12 07:04 . 2010-08-12 07:07   --------   d-----w-   C:\2c2772b9e2d7dcf05a4252b8ab

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 21:55 . 2010-09-09 21:55   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
2010-09-09 21:55 . 2010-09-09 21:39   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
2010-09-07 23:26 . 2001-01-31 21:18   --------   d-----w-   c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\program files\COMODO
2010-09-07 01:10 . 2010-09-07 01:10   63488   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10   52224   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10   117760   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-25 04:31 . 2004-11-21 02:35   --------   d-----w-   c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2010-08-21 01:11 . 2008-08-02 20:40   42816   ----a-w-   c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-31 05:47 . 2010-07-31 05:47   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-30 12:31 . 2004-11-21 00:04   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-11-21 00:04   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-15 00:23 . 2010-09-09 14:28   607472   ----a-w-   c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-06-14 14:31 . 2004-11-21 01:19   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-11-21 00:04   1172480   ----a-w-   c:\windows\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\documents and settings\User\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00   57344   -c--a-w-   c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35   50528   ----a-w-   c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50   71216   ----a-r-   c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21   114688   -c--a-w-   c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23   278264   -c--a-w-   c:\program files\COMODO\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17   53248   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32   19456   -c--a-w-   c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32   19968   -c--a-w-   c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16   42032   ----a-w-   c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27   126976   -c--a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31   155648   -c--a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12   32768   -c--a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05   5406720   ----a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52   54576   -c--a-w-   c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50   26112   ----a-w-   c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19   28672   -c--a-w-   c:\windows\system32\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12   184320   ----a-w-   c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20   167936   ----a-w-   c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08   28672   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54   151552   ----a-w-   c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 01:43   4670704   ----a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = home.netscape.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 22:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(1956)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-09-10  22:26:34 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-11 05:26
ComboFix2.txt  2010-09-09 00:22
ComboFix3.txt  2010-09-08 18:27

Pre-Run: 42,967,670,784 bytes free
Post-Run: 43,021,565,952 bytes free

- - End Of File - - D10BE20726567B1507D3F672D9967944

[SuperDave]

How's your computer working now? Do you still have problems with Yahoo Msg?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[miolner1]

Steve and helpers, Yahoo Msg is now working like a charm. Kudos for the time spent in helping me resolve this issue. I have provided the eset log below :

C:\Desktop\Flash_Disinfector.exe   probably a variant of Win32/Agent.BWFKHA trojan
C:\Documents and Settings\User\My Documents\setupxv.exe.vir   probably a variant of Win32/TrojanDownloader.Banload.KDRCNRT trojan
C:\Program Files\RegistryFix7\UninstlDll.dll   Win32/Adware.ErrorClean application
C:\Program Files\Sony\Welcome to VAIO life\Internet Services.exe   probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan
C:\Program Files\Sony\Welcome to VAIO life\VAIO zone.exe   probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP15\A0006085.DLL   a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP16\A0006125.DLL   Win32/Toolbar.AskSBar application

[SuperDave]

The ESET log doesn't show that the infections were removed. Please run it again. There should be a box just above the "Scan archives" box alread checked. Please ensure that this box remains checked and run the scan.

[miolner1]

I ran the scanner again and selected both boxes this time:

C:\Desktop\Flash_Disinfector.exe   probably a variant of Win32/Agent.BWFKHA trojan   cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\setupxv.exe.vir   probably a variant of Win32/TrojanDownloader.Banload.KDRCNRT trojan   cleaned by deleting - quarantined
C:\Program Files\RegistryFix7\UninstlDll.dll   Win32/Adware.ErrorClean application   cleaned by deleting - quarantined
C:\Program Files\Sony\Welcome to VAIO life\Internet Services.exe   probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan   cleaned by deleting - quarantined
C:\Program Files\Sony\Welcome to VAIO life\VAIO zone.exe   probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan   cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP15\A0006085.DLL   a variant of Win32/Toolbar.MyWebSearch application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP16\A0006125.DLL   Win32/Toolbar.AskSBar application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007280.exe   probably a variant of Win32/Agent.BWFKHA trojan   cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007281.dll   Win32/Adware.ErrorClean application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007282.exe   probably a variant of Win32/TrojanDropper.Agent.BLQHZVO trojan   cleaned by deleting - quarantined
C:\System Volume Information\_restore{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP22\A0007283.exe   probably a variant of Win32/TrojanDropper.Agent.FYKSNPZ trojan   cleaned by deleting - quarantined

[miolner1]

Dave, okay so progress update at the ready. Yahoo msg now opens fine....but there are some serious time delays now from the time I startup till my browser opens .....and with closing one webpage and opening another , the closing webpage takes longer to dissappear than before and also the activity light on my pc seems to be working really hard at something all the time....I mean all the time ......what do you think?

[SuperDave]

Download the Fix IE Utility to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.

******************************************
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

[miolner1]

The Procexp log as requested:

Process   PID   CPU   Private Bytes   Working Set   Description   Company Name   Command Line
System Idle Process   0   98.46   0 K   28 K         
 Interrupts   n/a      0 K   0 K   Hardware Interrupts      
 DPCs   n/a      0 K   0 K   Deferred Procedure Calls      
 System   4      0 K   57,188 K         
  smss.exe   764      172 K   276 K   Windows NT Session Manager   Microsoft Corporation   \SystemRoot\System32\smss.exe
   csrss.exe   836      2,368 K   5,928 K   Client Server Runtime Process   Microsoft Corporation   C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
   winlogon.exe   860      6,760 K   4,048 K   Windows NT Logon Application   Microsoft Corporation   winlogon.exe
    services.exe   904   1.54   1,956 K   2,824 K   Services and Controller app   Microsoft Corporation   C:\WINDOWS\system32\services.exe
     svchost.exe   1080      3,288 K   3,568 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost -k DcomLaunch
      igfxext.exe   668      1,508 K   2,396 K   igfxext Module   Intel Corporation   C:\WINDOWS\system32\igfxext.exe -Embedding
      COCIManager.exe   300      2,848 K   2,712 K   Camera Control Interface   Logitech Inc.   "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
      wmiprvse.exe   5968      3,092 K   8,140 K   WMI   Microsoft Corporation   C:\WINDOWS\system32\wbem\wmiprvse.exe
      SkypeNames2.exe   1500      888 K   3,408 K   SkypeNames   Skype Technologies S.A.   "C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe" -Embedding
     svchost.exe   1132      2,144 K   3,088 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost -k rpcss
     svchost.exe   1280      26,324 K   34,664 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe   1348      1,868 K   3,208 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k NetworkService
     svchost.exe   1596      1,580 K   2,692 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
     spoolsv.exe   1892      3,320 K   3,268 K   Spooler SubSystem App   Microsoft Corporation   C:\WINDOWS\system32\spoolsv.exe
     svchost.exe   720      1,456 K   2,400 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k LocalService
     AOLacsd.exe   756      5,644 K   4,308 K   AOL Connectivity Service   AOL LLC   C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     avgwdsvc.exe   788      4,824 K   2,544 K   AVG Watchdog Service   AVG Technologies CZ, s.r.o.   C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      avgrsx.exe   1528      15,672 K   14,068 K   AVG Resident Shield Service   AVG Technologies CZ, s.r.o.   avgrsx.exe
      avgnsx.exe   316      11,276 K   792 K   AVG Network scanner Service   AVG Technologies CZ, s.r.o.   avgnsx.exe
     LVPrcSrv.exe   1044      1,080 K   1,864 K   Logitech LVPrcSrv Module.   Logitech Inc.   "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
     McciCMService.exe   1492      2,140 K   2,084 K   mcci+McciCMService   Motive Communications, Inc.   "C:\Program Files\Common Files\Motive\McciCMService.exe"
     RegSrvc.exe   1688      824 K   1,456 K   RegSrvc Module   Intel Corporation   "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
     svchost.exe   1608      2,588 K   3,316 K   Generic Host Process for Win32 Services   Microsoft Corporation   C:\WINDOWS\system32\svchost.exe -k imgsvc
     wdfmgr.exe   168      1,656 K   1,100 K   Windows User Mode Driver Manager   Microsoft Corporation   C:\WINDOWS\system32\wdfmgr.exe
     VESMgr.exe   204      3,540 K   2,668 K   VAIO Event Service (Service Module)   Sony Corporation   "C:\Program Files\Sony\VAIO Event Service\VESMgr.exe"
     VCSW.exe   248      3,096 K   3,280 K   VAIO Entertainment UPnP Client Adapter   Sony Corporation   "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe" -RunBySCM
     wanmpsvc.exe   352      916 K   340 K   Wan Miniport (ATW) Service   America Online, Inc.   "C:\WINDOWS\wanmpsvc.exe"
     YahooAUService.exe   456      6,420 K   6,712 K   AutoUpater Service Module   Yahoo! Inc.   "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
     avgemc.exe   536      4,252 K   868 K   AVG E-Mail Scanner   AVG Technologies CZ, s.r.o.   C:\PROGRA~1\AVG\AVG8\avgemc.exe
      avgcsrvx.exe   2260      8,912 K   3,292 K   AVG Scanning Core Module - Server Part   AVG Technologies CZ, s.r.o.    /pipeName=83687938-965e-4ed7-9ddd-566c19f0c761 /coreSdkOptions=0 /binaryPath="C:\Program Files\AVG\AVG8\"
     VzCdbSvc.exe   624      5,752 K   4,256 K   VAIO Entertainment Database Service   Sony Corporation   "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"
     VzFw.exe   824      4,524 K   4,408 K   VAIO Entertainment File Import Service   Sony Corporation   "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe"
     alg.exe   2556      1,292 K   1,980 K   Application Layer Gateway Service   Microsoft Corporation   C:\WINDOWS\System32\alg.exe
    lsass.exe   916      4,112 K   1,456 K   LSA Shell (Export Version)   Microsoft Corporation   C:\WINDOWS\system32\lsass.exe
explorer.exe   2680      22,192 K   19,532 K   Windows Explorer   Microsoft Corporation   C:\WINDOWS\Explorer.EXE
 avgtray.exe   2960      3,688 K   796 K   AVG Tray Monitor   AVG Technologies CZ, s.r.o.   "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
 SearchProtection.exe   2988      3,792 K   1,524 K   Yahoo! Application   Yahoo! Inc   "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
 InstallService.exe   3008      1,524 K   432 K      Netscape Communications Corporation   "C:\Program Files\Common Files\ISPCOMP\InstallService.exe"
 aolsoftware.exe   3024      8,732 K   7,392 K   AOL   AOL LLC   "C:\Program Files\Common Files\AOL\1217722696\ee\AOLSoftware.exe"
 LWS.exe   3048      18,972 K   2,532 K   Camera Software   Logitech Inc.   "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
 Skype.exe   1380      28,152 K   16,292 K   Skype    Skype Technologies S.A.   "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  skypePM.exe   1328      16,188 K   3,804 K   Skype Extras Manager   Skype Technologies   "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
 ctfmon.exe   3336      1,152 K   2,228 K   CTF Loader   Microsoft Corporation   "C:\WINDOWS\system32\ctfmon.exe"
 SSScheduler.exe   3360      808 K   80 K   McAfee Security Scanner Scheduler   McAfee, Inc.   "C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe"
 firefox.exe   2216      85,124 K   97,740 K   Firefox   Mozilla Corporation   "C:\Program Files\Mozilla Firefox\firefox.exe"
 procexp.exe   5016      10,828 K   16,528 K   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\DOCUME~1\User\LOCALS~1\Temp\Temporary Directory 1 for ProcessExplorer.zip\procexp.exe"
Vid.exe   2804      619,868 K   14,132 K   Logitech Vid HD   Logitech Inc.   "C:\Program Files\Logitech\Vid HD\Vid.exe" -installmode
YahooMessenger.exe   4264      109,724 K   48,556 K   Yahoo! Messenger   Yahoo! Inc.   "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE"
 iexplore.exe   1296      6,048 K   1,004 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
  iexplore.exe   4668      22,604 K   912 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:14337
 iexplore.exe   3300      5,584 K   884 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
  iexplore.exe   5916      13,372 K   700 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3300 CREDAT:14337
 iexplore.exe   1832      5,636 K   896 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
  iexplore.exe   5808      13,336 K   548 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:14337
 iexplore.exe   5188      5,580 K   888 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
  iexplore.exe   4904      13,512 K   544 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:5188 CREDAT:14337
 iexplore.exe   3232      5,592 K   896 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
  iexplore.exe   4068      13,580 K   544 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3232 CREDAT:14337
 iexplore.exe   4916      5,632 K   904 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
  iexplore.exe   436      13,516 K   540 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4916 CREDAT:14337
 iexplore.exe   4000      5,536 K   1,824 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
  iexplore.exe   3304      16,040 K   2,008 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4000 CREDAT:14337
 iexplore.exe   4208      5,600 K   1,756 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE"  -nohome
  iexplore.exe   5100      13,488 K   1,704 K   Internet Explorer   Microsoft Corporation   "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4208 CREDAT:14337
waol.exe   1444      118,588 K   11,248 K   AOL Software   AOL, LLC.    -Brestart
 shellmon.exe   5716      656 K   2,632 K   waolmon   AOL, LLC.   "C:\Program Files\AOL 9.1\shellmon.exe"
 aoltpsd3.exe   4408      2,456 K   5,680 K   AOL TopSpeed   AOL LLC    -p11535 -q"11536,11537,11538,11539,11540,11541,11542,11543" -S256 -G"C:\Documents and Settings\All Users\Application Data\AOL\Topspeed\3.0\vph.ph" -g"{9C6D947A-D1B5-4271-A40A-7EFA70080F11}" -e1

[miolner1]

A quick update for you . I booted up my pc this morning and some little gremlin must have got into my system last night. My yahoo msg will not open now and it was working perfectly yesterday. I did gather this info from the error msg box in yahoo :

Checking virtual IP servers...
[VIP Raw] Connecting to Virtual IP server 98.136.48.32...
[VIP Raw] Connecting to Virtual IP server 67.195.186.241...
[VIP Raw] Connecting to Virtual IP server 68.180.217.15...
[VIP Raw] Connecting to Virtual IP server 76.13.15.38...
[VIP Raw] FAILED
 ***  'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionTimeout' ***

Checking HTTP virtual IP servers...
[VIP Http] Connecting to HTTP Virtual IP server 216.155.194.34...
[VIP Http] Connecting to HTTP Virtual IP server 98.136.112.56...
[VIP Http] Connecting to HTTP Virtual IP server 216.155.194.137...
[VIP Http] Connecting to HTTP Virtual IP server 98.136.112.142...
[VIP Http] FAILED
 ***  'COMPONENT_TYPE_YCP' YCPError: 'YMSG.ColoSelectionTimeout' ***

What could have happened to the connection as my firefox is working fine . However, my aol hompage is static and as for now just shows a white screen upon sign on . The status bar at the top of the aol screen shows connected and signed on.. I wonder if the rereg of files performed yesterday had anything to do with it ?

 

[SuperDave]

Please re-run RootRepeal again and post the log as instructed in Reply # 9

[miolner1]

Rootrepeal log just run:


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/09/17 11:16
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9BFE000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BD0000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8AA7000   Size: 49152   File Visible: No   Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\user\application data\skype\etilqs_qfyjmfnvxg56fsf6sbxi
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\documents and settings\user\application data\skype\etilqs_ywj25zmdo50r3v004jnd
Status: Allocation size mismatch (API: 8192, Raw: 0)

==EOF==

[SuperDave]

Your copy of ComboFix has passed it's shelf life. Please delete it, download a new one and run another scan.

Download ComboFix by sUBs from one of the below links. 

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

[miolner1]

ComboFix 10-09-17.04 - User 09/18/2010  16:09:28.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.402 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((((   Files Created from 2010-08-18 to 2010-09-18  )))))))))))))))))))))))))))))))
.

2010-09-18 23:05 . 2010-09-18 23:05   --------   d-----r-   C:\32788R22FWJFW
2010-09-17 18:06 . 2010-09-17 18:06   42816   ----a-w-   c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-17 04:25 . 2010-09-17 04:25   --------   d-----w-   c:\documents and settings\User\Application Data\Registry Mechanic
2010-09-17 04:21 . 2010-08-05 15:46   37336   ----a-w-   c:\windows\system32\CleanMFT32.exe
2010-09-17 04:21 . 2010-09-17 04:21   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-09-15 21:28 . 2010-09-16 03:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-15 21:25 . 2010-09-16 03:11   --------   d-----w-   c:\windows\SxsCaPendDel
2010-09-12 00:29 . 2010-09-12 00:29   --------   d-----w-   c:\program files\ESET
2010-09-10 19:58 . 2010-09-10 19:58   0   ----a-w-   c:\documents and settings\User\settings.dat
2010-09-09 21:55 . 2009-10-07 08:47   266008   ----a-r-   c:\windows\system32\drivers\lvrs.sys
2010-09-09 21:55 . 2009-10-07 08:24   34068   ----a-r-   c:\windows\system32\Repository.reg
2010-09-09 21:55 . 2009-10-07 08:48   539160   ----a-r-   c:\windows\system32\LVUI2RC.dll
2010-09-09 21:55 . 2009-10-07 08:48   539160   ----a-r-   c:\windows\system32\LVUI2.dll
2010-09-09 21:55 . 2009-10-07 08:43   199192   ----a-r-   c:\windows\system32\lvci12101110.dll
2010-09-09 21:55 . 2009-10-07 08:43   416280   ----a-r-   c:\windows\system32\lvcodec2.dll
2010-09-09 21:55 . 2009-10-07 08:49   6756632   ----a-r-   c:\windows\system32\drivers\lvuvc.sys
2010-09-09 21:41 . 2010-09-09 21:41   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\LogiShrd
2010-09-09 21:39 . 2009-10-07 08:49   23832   ----a-r-   c:\windows\system32\drivers\lvuvcflt.sys
2010-09-09 21:39 . 2010-09-09 21:40   --------   dc----w-   c:\windows\system32\DRVSTORE
2010-09-09 21:37 . 2010-09-09 21:55   --------   d-----w-   c:\program files\Common Files\LogiShrd
2010-09-09 21:37 . 2010-09-10 22:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\LogiShrd
2010-09-09 21:37 . 2010-09-16 03:11   --------   d-----w-   c:\program files\Logitech
2010-09-09 21:37 . 2008-04-13 18:39   5504   -c--a-w-   c:\windows\system32\dllcache\mstee.sys
2010-09-09 21:37 . 2008-04-13 18:39   5504   ----a-w-   c:\windows\system32\drivers\MSTEE.sys
2010-09-09 21:37 . 2008-04-13 18:46   10880   -c--a-w-   c:\windows\system32\dllcache\ndisip.sys
2010-09-09 21:37 . 2008-04-13 18:46   10880   ----a-w-   c:\windows\system32\drivers\NdisIP.sys
2010-09-09 21:36 . 2008-04-13 18:46   15232   -c--a-w-   c:\windows\system32\dllcache\streamip.sys
2010-09-09 21:36 . 2008-04-13 18:46   15232   ----a-w-   c:\windows\system32\drivers\StreamIP.sys
2010-09-09 21:36 . 2008-04-13 18:46   11136   -c--a-w-   c:\windows\system32\dllcache\slip.sys
2010-09-09 21:36 . 2008-04-13 18:46   11136   ----a-w-   c:\windows\system32\drivers\SLIP.sys
2010-09-09 21:36 . 2008-04-13 18:46   19200   -c--a-w-   c:\windows\system32\dllcache\wstcodec.sys
2010-09-09 21:36 . 2008-04-13 18:46   19200   ----a-w-   c:\windows\system32\drivers\WSTCODEC.SYS
2010-09-09 21:36 . 2008-04-13 18:46   85248   -c--a-w-   c:\windows\system32\dllcache\nabtsfec.sys
2010-09-09 21:36 . 2008-04-13 18:46   85248   ----a-w-   c:\windows\system32\drivers\NABTSFEC.sys
2010-09-09 21:36 . 2008-04-13 18:46   17024   -c--a-w-   c:\windows\system32\dllcache\ccdecode.sys
2010-09-09 21:36 . 2008-04-13 18:46   17024   ----a-w-   c:\windows\system32\drivers\CCDECODE.sys
2010-09-09 21:36 . 2008-04-13 18:45   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
2010-09-09 21:36 . 2008-04-13 18:45   60032   ----a-w-   c:\windows\system32\drivers\USBAUDIO.sys
2010-09-09 21:35 . 2008-04-14 00:12   53760   -c--a-w-   c:\windows\system32\dllcache\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-14 00:12   53760   ----a-w-   c:\windows\system32\vfwwdm32.dll
2010-09-09 21:35 . 2008-04-13 18:45   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2010-09-09 21:35 . 2008-04-13 18:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2010-09-09 00:12 . 2010-09-09 00:12   --------   d-----w-   c:\program files\MetaStream
2010-09-07 23:48 . 2010-09-07 23:48   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 03:49 . 2010-04-29 22:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 03:49 . 2010-04-29 22:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-07 03:49 . 2010-09-07 03:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-07 01:09 . 2010-09-07 01:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-08-25 04:31 . 2010-08-25 04:31   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-25 04:30 . 2010-08-25 04:30   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-08-25 04:30 . 2010-09-18 23:04   --------   d-----w-   c:\documents and settings\User\Application Data\skypePM
2010-08-25 04:26 . 2010-09-18 23:14   --------   d-----w-   c:\documents and settings\User\Application Data\Skype
2010-08-25 04:26 . 2010-09-18 22:31   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Temp
2010-08-25 04:26 . 2010-09-08 00:28   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\program files\Common Files\Skype
2010-08-25 04:25 . 2010-08-25 04:26   --------   d-----r-   c:\program files\Skype
2010-08-25 04:25 . 2010-08-25 04:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 04:25 . 2008-08-03 02:45   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-09-16 00:18 . 2010-09-09 21:55   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
2010-09-16 00:17 . 2010-09-09 21:39   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
2010-09-15 21:32 . 2009-06-06 21:24   --------   d-----w-   c:\documents and settings\User\Application Data\Yahoo!
2010-09-15 21:28 . 2008-08-30 21:40   --------   d-----w-   c:\program files\Yahoo!
2010-09-14 02:30 . 2001-01-02 07:46   --------   d-----w-   c:\program files\RegistryFix7
2010-09-13 00:34 . 2010-09-17 19:18   58368   ----a-w-   c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
2010-09-13 00:34 . 2010-09-17 19:18   101376   ----a-w-   c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
2010-09-11 14:46 . 2001-02-23 06:38   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-09-07 23:26 . 2001-01-31 21:18   --------   d-----w-   c:\program files\McAfee Security Scan
2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\documents and settings\User\Application Data\Comodo
2010-09-07 03:28 . 2008-08-03 02:22   --------   d-----w-   c:\program files\COMODO
2010-09-07 01:10 . 2010-09-07 01:10   63488   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-07 01:10 . 2010-09-07 01:10   52224   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-07 01:10 . 2010-09-07 01:10   117760   ----a-w-   c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-05 23:42 . 2010-09-17 19:18   58368   ----a-w-   c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\FFExternalAlert.dll
2010-09-05 23:42 . 2010-09-17 19:18   101376   ----a-w-   c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\RadioWMPCore.dll
2010-08-25 04:31 . 2004-11-21 02:35   --------   d-----w-   c:\program files\Google
2010-08-23 05:46 . 2008-08-03 02:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2010-08-17 13:17 . 2004-11-21 00:04   58880   ----a-w-   c:\windows\system32\spoolsv.exe
2010-07-31 05:47 . 2010-07-31 05:47   --------   d-----w-   c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-22 15:49 . 2004-11-21 00:04   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-14 20:08   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-11-21 00:04   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-11-21 00:04   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-11-21 00:04   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-11-21 00:04   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2001-02-18 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Netscape"="c:\program files\Common Files\ISPCOMP\InstallService.exe" [2005-09-07 173568]
"HostManager"="c:\program files\Common Files\AOL\1217722696\ee\AOLSoftware.exe" [2007-05-25 42032]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\documents and settings\User\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2001-01-02 16:08   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00   57344   -c--a-w-   c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35   50528   ----a-w-   c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50   71216   ----a-r-   c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-11-08 00:21   114688   -c--a-w-   c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
2008-08-03 02:23   278264   -c--a-w-   c:\program files\COMODO\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17   53248   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 19:32   19456   -c--a-w-   c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 19:32   19968   -c--a-w-   c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16   42032   ----a-w-   c:\program files\Common Files\AOL\1217722696\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27   126976   -c--a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31   155648   -c--a-w-   c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12   32768   -c--a-w-   c:\program files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-11-06 05:05   5406720   ----a-w-   c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52   54576   -c--a-w-   c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-08-02 20:50   26112   ----a-w-   c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2007-04-09 19:19   28672   -c--a-w-   c:\windows\system32\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2004-10-22 03:12   184320   ----a-w-   c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2004-10-26 06:20   167936   ----a-w-   c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08   28672   -c--a-w-   c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54   151552   ----a-w-   c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-06-01 17:17   5252408   ----a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1217722696\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\SweetImSetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2008 7:13 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2008 7:13 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/2/2008 7:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2008 7:13 PM 297752]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [9/16/2010 9:21 PM 583640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2010 9:26 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642707&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TranslatorBar 5.2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2642707&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\{23256f20-0d9b-4323-b005-6e5de569c4b7}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\a1qipwmg.default\extensions\[email protected]\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(5696)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-09-18  16:31:44 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-18 23:31
ComboFix2.txt  2010-09-11 05:26
ComboFix3.txt  2010-09-09 00:22
ComboFix4.txt  2010-09-08 18:27

Pre-Run: 41,830,486,016 bytes free
Post-Run: 42,044,772,352 bytes free

- - End Of File - - 3E5B0F3FE448F4C9FD26029C9B93F9C4

[SuperDave]

What could have happened to the connection as my firefox is working fine . However, my aol hompage is static and as for now just shows a white screen upon sign on . The status bar at the top of the aol screen shows connected and signed on

You said Firefox is working well but what browser is your AOL homepage on? Can you please give me a screenprint.

How to post screenshots or images

Have you tried uninstalling AOL and downloading a new version?

[miolner1]

Dave, I have resolved the issue with logging onto AOL by uninstalling and then installing the updated version. Now, the only issue left over isto do with the much increased wait time from the time I logon to windows till I can actually run any programs. Also, and more surprisingly is the time taken to open new browser windows in Firefox etc....I notice that the time taken for such processes is approx twice as much as before...

[SuperDave]

We should do some cleanup and then I will give you a couple of links to try to speed up your computer while booting. You should investigate how much RAM you're running and what programs start when you boot. Also check to see how much free space you have on your C: drive. You should have at least 15/% in order for your computer to run correctly. If all these fail to speed up your computer, perhaps, you should start a new thread in the appropriate software forum.

Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
**********************************

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
*****************************
Clean-up

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

*********************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

**********************************

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Safe Surfing!

[miolner1]

Super D, I have completed the steps outlined in the last post. However, it seems that there is a very long system lag issue from the time of logging on to windows to getting something to appear on screen takes close to 8 minutes. I know we have completed alot of processes to get yahoo msg up and running but this system lag is a bummer. Take for instance my AOL , at times it will just freeze on screen and requires a close down of program and reopen. What do you think can be done to rid the system of the lag?

Btw I did a system check and it seems I have adequate ram resources and no other issues were evident on the system performance diagnosis.

[SuperDave]

You could try this tool. If it doesn't improve I would suggest that you start a new thread in the proper Windows software forum.

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.

[miolner1]

Dave, I ran the Startuplite progam again and restarted the pc but did not notice any difference in the system lag issue. I will go to the browser section of this site to see what needs to be done to remove this little glitch affecting the startup process. So all in all my yahoo is now working great now and and am well armed against any malware or spyware in the future. On a further note the link you provided to cleanup the registry as well as improve peformance is really comprehensive and well written. There are some great tips on there . Thanks again Dave for all the help.