
Topic: Need help, completed the required steps, have logs for review.

bpilgrim93

    Our family computer has recently been having problems.  At first, upon opening any program, a Windows box would come up and it would say something in computer jargon and always end in "BadImage". That stopped after running SAS though. Now, after completing all the steps, whenever searching for anything or whenever either Firefox or Internet Explorer is opened, it'll bring up a tab with a pop-up and won't let you exit out of it.  Also, whenever searching anything on the internet, it'll bring up another random search engine.  When we try to log off as a user or turn off the computer, it won't work. It'll just go back to the desktop and nothing will happen. Sometimes, it won't even let you sign in as a user either. Anyway, here are the logs.  Any help is MUCH appreciated. Thanks.


    SAS LOG



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/27/2011 at 10:15 PM

    Application Version : 4.49.1000

    Core Rules Database Version : 6494
    Trace Rules Database Version: 4306

    Scan type       : Complete Scan
    Total Scan Time : 02:04:38

    Memory items scanned      : 534
    Memory threats detected   : 2
    Registry items scanned    : 7187
    Registry threats detected : 51
    File items scanned        : 162978
    File threats detected     : 1289

    Adware.ShopAtHome/SelectRebates
       C:\PROGRAM FILES\SELECTREBATES\SELECTREBATES.EXE
       C:\PROGRAM FILES\SELECTREBATES\SELECTREBATES.EXE
       [SelectRebates] C:\PROGRAM FILES\SELECTREBATES\SELECTREBATES.EXE

    Adware.SelectRebates[SAH]
       C:\PROGRAM FILES\SELECTREBATES\SREBATES.DLL
       C:\PROGRAM FILES\SELECTREBATES\SREBATES.DLL

    Adware.BluSwede
       HKLM\Software\Classes\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}#AppID
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}\InprocServer32
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}\InprocServer32#ThreadingModel
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}\ProgID
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}\Programmable
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}\TypeLib
       HKCR\CLSID\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}\VersionIndependentProgID
       HKCR\toolbar.TB.1
       HKCR\toolbar.TB.1\CLSID
       HKCR\toolbar.TB
       HKCR\toolbar.TB\CLSID
       HKCR\toolbar.TB\CurVer
       HKCR\TypeLib\{6C45BAB3-2A03-44a0-B2DE-D6850CDD29B0}
       HKCR\TypeLib\{6C45BAB3-2A03-44a0-B2DE-D6850CDD29B0}\1.0
       HKCR\TypeLib\{6C45BAB3-2A03-44a0-B2DE-D6850CDD29B0}\1.0\0
       HKCR\TypeLib\{6C45BAB3-2A03-44a0-B2DE-D6850CDD29B0}\1.0\0\win32
       HKCR\TypeLib\{6C45BAB3-2A03-44a0-B2DE-D6850CDD29B0}\1.0\FLAGS
       HKCR\TypeLib\{6C45BAB3-2A03-44a0-B2DE-D6850CDD29B0}\1.0\HELPDIR
       C:\PROGRAM FILES\ESOFTWARE\STUDIO.DLL
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}
       HKU\S-1-5-21-4034229885-2373023512-2071915232-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}
       HKCR\Interface\{C3614386-3A1B-42C9-A1EB-845E109346A1}
       HKCR\Interface\{C3614386-3A1B-42C9-A1EB-845E109346A1}\ProxyStubClsid
       HKCR\Interface\{C3614386-3A1B-42C9-A1EB-845E109346A1}\ProxyStubClsid32
       HKCR\Interface\{C3614386-3A1B-42C9-A1EB-845E109346A1}\TypeLib
       HKCR\Interface\{C3614386-3A1B-42C9-A1EB-845E109346A1}\TypeLib#Version

    Adware.ShopAtHomeSelect
       HKLM\Software\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}
       HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
       HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
       HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\InprocServer32
       HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\InprocServer32#ThreadingModel
       HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\ProgID
       HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\Programmable
       HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\TypeLib
       HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}\VersionIndependentProgID
       HKCR\ToolBand.ShopAtHomeIEHelper.1
       HKCR\ToolBand.ShopAtHomeIEHelper.1\CLSID
       HKCR\ToolBand.ShopAtHomeIEHelper
       HKCR\ToolBand.ShopAtHomeIEHelper\CLSID
       HKCR\ToolBand.ShopAtHomeIEHelper\CurVer
       HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}
       HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0
       HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\0
       HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\0\win32
       HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\FLAGS
       HKCR\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}\1.0\HELPDIR
       C:\PROGRAM FILES\SELECTREBATES\TOOLBAR\SHOPATHOMETOOLBAR.DLL
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}
       HKU\S-1-5-21-4034229885-2373023512-2071915232-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

    Adware.SelectRebates
       C:\Program Files\SELECTREBATES\FFToolbar\chrome\sahtoolbar.jar
       C:\Program Files\SELECTREBATES\FFToolbar\chrome
       C:\Program Files\SELECTREBATES\FFToolbar\chrome.manifest
       C:\Program Files\SELECTREBATES\FFToolbar\defaults\preferences\sahtoolbar.js
       C:\Program Files\SELECTREBATES\FFToolbar\defaults\preferences
       C:\Program Files\SELECTREBATES\FFToolbar\defaults
       C:\Program Files\SELECTREBATES\FFToolbar\install.rdf
       C:\Program Files\SELECTREBATES\FFToolbar
       C:\Program Files\SELECTREBATES\SahImages\alert.png
       C:\Program Files\SELECTREBATES\SahImages\check.png
       C:\Program Files\SELECTREBATES\SahImages\close.png
       C:\Program Files\SELECTREBATES\SahImages
       C:\Program Files\SELECTREBATES\SelectAlerts.dat
       C:\Program Files\SELECTREBATES\SelectRebates.ini
       C:\Program Files\SELECTREBATES\SelectRebatesA.dat
       C:\Program Files\SELECTREBATES\SelectRebatesApi.exe
       C:\Program Files\SELECTREBATES\SelectRebatesB.dat
       C:\Program Files\SELECTREBATES\SelectRebatesBT.dat
       C:\Program Files\SELECTREBATES\SelectRebatesDownload.exe
       C:\Program Files\SELECTREBATES\SelectRebatesH.dat
       C:\Program Files\SELECTREBATES\SelectRebatesUninstall.exe
       C:\Program Files\SELECTREBATES\SRFF3.dll
       C:\Program Files\SELECTREBATES\Toolbar\AddtoList.bmp
       C:\Program Files\SELECTREBATES\Toolbar\basis.xml
       C:\Program Files\SELECTREBATES\Toolbar\Basis.xml.dym
       C:\Program Files\SELECTREBATES\Toolbar\Blank.bmp
       C:\Program Files\SELECTREBATES\Toolbar\Cache
       C:\Program Files\SELECTREBATES\Toolbar\CashBack.bmp
       C:\Program Files\SELECTREBATES\Toolbar\Coupons.bmp
       C:\Program Files\SELECTREBATES\Toolbar\GroceryCoupon.bmp
       C:\Program Files\SELECTREBATES\Toolbar\icons.bmp
       C:\Program Files\SELECTREBATES\Toolbar\ImageCache
       C:\Program Files\SELECTREBATES\Toolbar\i_magnifying.bmp
       C:\Program Files\SELECTREBATES\Toolbar\logo.bmp
       C:\Program Files\SELECTREBATES\Toolbar\logo_24.bmp
       C:\Program Files\SELECTREBATES\Toolbar\logo_HotSpots.bmp
       C:\Program Files\SELECTREBATES\Toolbar\ReviewSite.bmp
       C:\Program Files\SELECTREBATES\Toolbar\RightControls.dym
       C:\Program Files\SELECTREBATES\Toolbar\sahtb-alert.bmp
       C:\Program Files\SELECTREBATES\Toolbar\sahtb-go.bmp
       C:\Program Files\SELECTREBATES\Toolbar\sahtb-grocerycoupons.bmp
       C:\Program Files\SELECTREBATES\Toolbar\sahtb-icons.bmp
       C:\Program Files\SELECTREBATES\Toolbar\sahtb-restaurant.bmp
       C:\Program Files\SELECTREBATES\Toolbar\sahtb-wishlist.bmp
       C:\Program Files\SELECTREBATES\Toolbar\Scissors.bmp
       C:\Program Files\SELECTREBATES\Toolbar
       C:\Program Files\SELECTREBATES

    Adware.Tracking Cookie
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .legolas-media.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .legolas-media.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .mediafire.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .stateofgeorgia.122.2o7.net [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .microsoftmachinetranslation.112.2o7.ne t [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .journalregistercompany.122.2o7.net [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .highbeam.122.2o7.net [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       statistics.tri-media.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       statistics.tri-media.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .content.yieldmanager.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .mediabrandsww.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .content.yieldmanager.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .technoratimedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .technoratimedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .technoratimedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .technoratimedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .technoratimedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .technoratimedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .technoratimedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       .www.burstnet.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       www.burstnet.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       pixel.invitemedia.com [ C:\Documents and Settings\chelsea\Application Data\Mozilla\Firefox\Profiles\y71zbiy2.default\cookies.sqlite ]
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@247realmedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@2o7[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@adbrite[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@adbureau[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@adecn[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@adinterax[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@adlegend[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@adtech[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@advertise[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@advertising[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@adxpose[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@andomedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@apmebf[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@articleclick[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@atdmt[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@atwola[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@azjmp[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@bannertgt[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@bizrate[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@bluestreak[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@burstbeacon[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@burstnet[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@chitika[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@click2go[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@clickbank[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@clickshift[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@clicksor[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@collective-media[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][3].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@countyfairgrounds[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@dmtracker[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@doubleclick[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@eyewonder[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@fastclick[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@fayettecountyga[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@findlocation[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@hairfinder[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@hitbox[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@insightexpressai[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@interclick[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@intermundomedia[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@invitemedia[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@kontera[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@legolas-media[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@lfstmedia[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@linksynergy[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@liveperson[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@liveperson[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@liveperson[3].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@lockedonmedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@lucidmedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@macromedia[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@media6degrees[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@mediaforgews[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@mediaforge[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@mediamediawebmonstermedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@mediasolutionsmedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@mediawebmonstermedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@myroitracking[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@overture[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@plymedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@pointroll[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@prepcountry[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@pro-market[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@qnsr[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@questionmarket[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@realmedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@revsci[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@ru4[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@rwtrack[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][4].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][3].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@serving-sys[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@socialmedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@specificclick[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@specificmedia[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@statcounter[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@tacoda[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@teenstarhairstyles[1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@teentrendsandtips[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@tradedoubler[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@trafficmp[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@tribalfusion[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@tripod[2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][6].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@yieldmanager[2].txt
       C:\Documents and Settings\chelsea\Cookies\chelsea@zedo[1].txt
       C:\Documents and Settings\chelsea\Cookies\[email protected][2].txt
       atdmt.com [ C:\Documents and Settings\court\Application Data\Macromedia\Flash Player\#SharedObjects\PUTSCZ37 ]
       cdn4.specificclick.net [ C:\Documents and Settings\court\Application Data\Macromedia\Flash Player\#SharedObjects\PUTSCZ37 ]
       interclick.com [ C:\Documents and Settings\court\Application Data\Macromedia\Flash Player\#SharedObjects\PUTSCZ37 ]
       media.tattomedia.com [ C:\Documents and Settings\court\Application Data\Macromedia\Flash Player\#SharedObjects\PUTSCZ37 ]
       media1.clubpenguin.com [ C:\Documents and Settings\court\Application Data\Macromedia\Flash Player\#SharedObjects\PUTSCZ37 ]
       udn.specificclick.net [ C:\Documents and Settings\court\Application Data\Macromedia\Flash Player\#SharedObjects\PUTSCZ37 ]
       .interclick.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .wachovia.112.2o7.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .apmebf.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .socialmedia.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       stat.onestat.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       stat.onestat.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .specificmedia.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .doubleclick.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .collective-media.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .eyewonder.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .eyewonder.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .interclick.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .adserver.adtechus.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       dc.tremormedia.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .kontera.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       us.sitestat.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       us.sitestat.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .sojern.122.2o7.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .imrworldwide.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .imrworldwide.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       googleads.g.doubleclick.net [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .interclick.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .interclick.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .interclick.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       myaccount.verizonwireless.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ehg-verizon.hitbox.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       .ehg-verizon.hitbox.com [ C:\Documents and Settings\court\Application Data\Mozilla\Firefox\Profiles\mz33t5uz.default\cookies.sqlite ]
       C:\Documents and Settings\court\Cookies\[email protected][2].txt
       C:\Documents and Settings\court\Cookies\[email protected][1].txt
       C:\Documents and Settings\court\Cookies\[email protected][1].txt
       C:\Documents and Settings\court\Cookies\[email protected][2].txt
       C:\Documents and Settings\court\Cookies\[email protected][1].txt
       C:\Documents and Settings\court\Cookies\[email protected][2].txt

    SuperDave

    • Malware Removal Specialist
    • Moderator


    Re: Need help, completed the required steps, have logs for review.
    « Reply #1 on: March 06, 2011, 12:24:34 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    ******************************************************

    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ****************************************************

    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copy and pasting it into the reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    bpilgrim93

      Topic Starter


      Rookie

      Re: Need help, completed the required steps, have logs for review.
      « Reply #2 on: March 06, 2011, 06:00:02 PM »
      After running the MBAM scan, it said there was one infection found. I clicked on it and it said it was removed but needed to restart to complete the removal.  Like I said earlier though, my computer once again froze when trying to turn off. I had to manually press the button on the computer to turn it off and then turned it back on. I don't know if this would affect the removal process or not? Here are the logs though.


      MBAM LOG


      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 5975

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.11

      3/6/2011 7:47:59 PM
      mbam-log-2011-03-06 (19-47-59).txt

      Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
      Objects scanned: 380659
      Time elapsed: 3 hour(s), 8 minute(s), 53 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\pch\xp patches\other\xppid\XPPID.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.




      DDS LOG


      .
      DDS (Ver_11-03-05.01) - NTFSx86 
      Run by Blake at 19:53:43.91 on Sun 03/06/2011
      Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1276 [GMT -5:00]
      .
      AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      .
      ============== Running Processes ===============
      .
      C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
      C:\PROGRA~1\AVG\AVG10\avgrsx.exe
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\AVG\AVG10\avgwdsvc.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
      C:\WINDOWS\system32\svchost.exe -k HPService
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\AVG\AVG10\avgnsx.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\AVG\AVG10\avgtray.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe -k HPZ12
      svchost.exe
      C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Blake\My Documents\Downloads\dds.scr
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
      uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
      uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
      uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
      uInternet Connection Wizard,ShellNext = iexplore
      BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
      BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
      BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
      BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe"
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
      mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      dRun: [sliipmwa] c:\windows\temp\kbafuiaoq\fpvbeaxhmof.exe
      dRun: [avdcvotf] c:\windows\temp\cpfdumoso\fnacwujhmof.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
      IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
      IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
      IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
      DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
      DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
      AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\docume~1\blake\applic~1\mozilla\firefox\profiles\gtn850yu.default\
      FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
      FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
      FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
      FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
      FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
      R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
      R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
      R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
      R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
      R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
      R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-21 24652]
      R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
      R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
      R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
      S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
      .
      =============== Created Last 30 ================
      .
      2011-03-06 03:31:35   388096   ----a-r-   c:\docume~1\blake\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
      2011-03-06 03:17:27   472808   ----a-w-   c:\windows\system32\deployJava1.dll
      2011-03-06 03:17:27   472808   ----a-w-   c:\program files\mozilla firefox\plugins\npdeployJava1.dll
      2011-02-28 21:09:43   --------   d-----w-   c:\docume~1\blake\applic~1\Malwarebytes
      2011-02-28 21:08:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2011-02-28 21:08:54   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
      2011-02-28 21:08:50   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2011-02-28 21:08:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2011-02-28 00:57:44   --------   d-----w-   c:\docume~1\blake\applic~1\SUPERAntiSpyware.com
      2011-02-28 00:57:44   --------   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
      2011-02-28 00:57:31   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2011-02-28 00:17:55   --------   d-----w-   c:\program files\CCleaner
      2011-02-26 06:04:15   --------   d-----w-   c:\docume~1\blake\applic~1\alotappbar
      2011-02-25 04:50:58   --------   d-----w-   c:\docume~1\alluse~1\applic~1\cHcMpGl08200
      .
      ==================== Find3M  ====================
      .
      2011-02-03 00:19:39   73728   ----a-w-   c:\windows\system32\javacpl.cpl
      .
      =================== ROOTKIT  ====================
      .
      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
      Windows 5.1.2600 Disk: ST332063 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\iaStor0
      .
      device: opened successfully
      user: MBR read successfully
      .
      Disk trace:
      called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89FB0439]<<
      _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89fb67b8]; MOV EAX, [0x89fb6834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
      1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A8EF030]
      3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89E737D0]
      \Driver\iaStor[0x8A9451B8] -> IRP_MJ_CREATE -> 0x89FB0439
      kernel: MBR read successfully
      _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP;  }
      detected disk devices:
      \Device\Ide\IAAStorageDevice-2 -> \??\IDE#DiskST3320633AS_____________________________3.ADH___#4&3836d654&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
      detected hooks:
      user != kernel MBR !!!
      sectors 625142446 (+255): user != kernel
      Warning: possible TDL4 rootkit infection !
      TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
      .
      ============= FINISH: 19:55:31.02 ===============



      ATTACH LOG


      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_11-03-05.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume2
      Install Date: 12/22/2006 2:27:47 PM
      System Uptime: 3/6/2011 7:50:28 PM (0 hours ago)
      .
      Motherboard: Dell Inc.           |  | 0WG864
      Processor: Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz | Microprocessor | 1862/1066mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 293 GiB total, 262.269 GiB free.
      D: is CDROM ()
      E: is CDROM ()
      F: is Removable
      G: is Removable
      H: is Removable
      I: is Removable
      J: is Removable
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
      Description: Photosmart C7200 series
      Device ID: ROOT\MULTIFUNCTION\0000
      Manufacturer: HP
      Name: Photosmart C7200 series
      PNP Device ID: ROOT\MULTIFUNCTION\0000
      Service:
      .
      Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
      Description: HP Color LaserJet 3600
      Device ID: ROOT\MULTIFUNCTION\0001
      Manufacturer: Hewlett-Packard
      Name: HP Color LaserJet 3600
      PNP Device ID: ROOT\MULTIFUNCTION\0001
      Service:
      .
      Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
      Description: HP LaserJet M1522nf MFP
      Device ID: ROOT\MULTIFUNCTION\0002
      Manufacturer: Hewlett-Packard
      Name: HP LaserJet M1522nf MFP
      PNP Device ID: ROOT\MULTIFUNCTION\0002
      Service:
      .
      ==== System Restore Points ===================
      .
      RP1319: 2/27/2011 11:07:43 PM - Software Distribution Service 3.0
      RP1320: 3/1/2011 7:06:03 PM - System Checkpoint
      RP1321: 3/3/2011 2:18:42 AM - Software Distribution Service 3.0
      RP1322: 3/5/2011 3:52:26 PM - System Checkpoint
      RP1323: 3/5/2011 10:16:43 PM - Installed Java(TM) 6 Update 24
      RP1324: 3/5/2011 10:31:35 PM - Installed HiJackThis
      .
      ==== Installed Programs ======================
      .
      32 Bit HP CIO Components Installer
      Acrobat.com
      Adobe AIR
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Photoshop Album 2.0
      Adobe Reader 9
      Adobe Shockwave Player
      AIO_Scan
      AOL Uninstaller (Choose which Products to Remove)
      AOLIcon
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      AVG 2011
      BufferChm
      C7200
      C7200_doccd
      c7200_Help
      CCleaner
      Compatibility Pack for the 2007 Office system
      Conexant D850 56K V.9x DFVc Modem
      Copy
      Coupon Printer for Windows
      Critical Update for Windows Media Player 11 (KB959772)
      CustomerResearchQFolder
      Dell CinePlayer
      Dell Driver Reset Tool
      Dell Resource CD
      Dell Support 3.2.1
      Dell System Restore
      Destination Component
      DeviceDiscovery
      DeviceManagementQFolder
      Digital Content Portal
      Digital Line Detect
      DocProc
      DocProcQFolder
      Documentation & Support Launcher
      EarthLink Setup Files
      EducateU
      ESPNMotion
      eSupportQFolder
      Fax
      FrostWire 4.21.3
      Games, Music, & Photos Launcher
      GemMaster Mystic
      Get High Speed Internet!
      Google Toolbar for Internet Explorer
      Google Update Helper
      High Definition Audio Driver Package - KB835221
      HiJackThis
      HijackThis 2.0.2
      Hotfix for Windows Internet Explorer 7 (KB947864)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 10 (KB903157)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB970653-v3)
      Hotfix for Windows XP (KB976098-v2)
      Hotfix for Windows XP (KB979306)
      Hotfix for Windows XP (KB981793)
      HP Customer Participation Program 9.0
      HP Imaging Device Functions 9.0
      HP OCR Software 9.0
      HP Photosmart All-In-One Software 9.0
      HP Photosmart Essential 2.01
      HP Photosmart Essential2.01
      HP Smart Web Printing
      HP Solution Center 9.0
      HP Update
      HPPhotoSmartExpress
      HPProductAssistant
      HPSSupply
      Intel(R) Matrix Storage Manager
      Intel(R) PRO Network Connections
      Internet Service Offers Launcher
      iTunes
      J2SE Runtime Environment 5.0 Update 6
      Java Auto Updater
      Java(TM) 6 Update 24
      Learn2 Player (Uninstall Only)
      LG USB Modem driver
      Malwarebytes' Anti-Malware
      MarketResearch
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB979906)
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft National Language Support Downlevel APIs
      Microsoft Office Outlook 2003 with Business Contact Manager Update
      Microsoft Office Professional Edition 2003
      Microsoft Office Small Business Edition 2003
      Microsoft Office Word Viewer 2003
      Microsoft Plus! Digital Media Edition Installer
      Microsoft Plus! Photo Story 2 LE
      Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Works
      Modem Helper
      Mozilla Firefox (3.6.13)
      MP3 Player Utilities
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      NetDeviceManager
      NetWaiting
      NVIDIA Drivers
      Otto
      PanoStandAlone
      PS_AIO_02_ProductContext
      PS_AIO_02_Software
      PS_AIO_02_Software_min
      PSSWCORE
      Qualxserve Service Agreement
      QuickTime
      RealPlayer Basic
      Roxio DLA
      Roxio MyDVD LE
      Roxio RecordNow Audio
      Roxio RecordNow Copy
      Roxio RecordNow Data
      Scan
      SearchAssist
      Security Update for Windows Internet Explorer 7 (KB928090)
      Security Update for Windows Internet Explorer 7 (KB929969)
      Security Update for Windows Internet Explorer 7 (KB931768)
      Security Update for Windows Internet Explorer 7 (KB933566)
      Security Update for Windows Internet Explorer 7 (KB937143)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB939653)
      Security Update for Windows Internet Explorer 7 (KB942615)
      Security Update for Windows Internet Explorer 7 (KB944533)
      Security Update for Windows Internet Explorer 7 (KB950759)
      Security Update for Windows Internet Explorer 7 (KB953838)
      Security Update for Windows Internet Explorer 7 (KB956390)
      Security Update for Windows Internet Explorer 7 (KB958215)
      Security Update for Windows Internet Explorer 7 (KB960714)
      Security Update for Windows Internet Explorer 7 (KB961260)
      Security Update for Windows Internet Explorer 7 (KB963027)
      Security Update for Windows Internet Explorer 7 (KB969897)
      Security Update for Windows Internet Explorer 7 (KB972260)
      Security Update for Windows Internet Explorer 7 (KB974455)
      Security Update for Windows Internet Explorer 7 (KB976325)
      Security Update for Windows Internet Explorer 7 (KB978207)
      Security Update for Windows Internet Explorer 7 (KB982381)
      Security Update for Windows Media Player (KB911564)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player 10 (KB917734)
      Security Update for Windows Media Player 11 (KB936782)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960715)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961371)
      Security Update for Windows XP (KB961373)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB968537)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969898)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971486)
      Security Update for Windows XP (KB971557)
      Security Update for Windows XP (KB971633)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB971961)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973346)
      Security Update for Windows XP (KB973354)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973525)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975561)
      Security Update for Windows XP (KB975562)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB977165)
      Security Update for Windows XP (KB977816)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978251)
      Security Update for Windows XP (KB978262)
      Security Update for Windows XP (KB978338)
      Security Update for Windows XP (KB978542)
      Security Update for Windows XP (KB978601)
      Security Update for Windows XP (KB978706)
      Security Update for Windows XP (KB979309)
      Security Update for Windows XP (KB979482)
      Security Update for Windows XP (KB979559)
      Security Update for Windows XP (KB979683)
      Security Update for Windows XP (KB980195)
      Security Update for Windows XP (KB980218)
      Security Update for Windows XP (KB980232)
      Security Update for Windows XP (KB981349)
      ShopAtHome.com Toolbar
      SolutionCenter
      Sonic Activation Module
      Sonic Encoders
      Sonic Update Manager
      Status
      SUPERAntiSpyware
      Toolbox
      TrayApp
      U3Launcher
      Uninstall Dual Mode Camera
      Unload
      UnloadSupport
      Update for Windows Internet Explorer 7 (KB976749)
      Update for Windows Internet Explorer 7 (KB980182)
      Update for Windows Media Player 10 (KB910393)
      Update for Windows Media Player 10 (KB913800)
      Update for Windows Media Player 10 (KB926251)
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      Update Rollup 2 for Windows XP Media Center Edition 2005
      URL Assistant
      VideoToolkit01
      Viewpoint Media Player
      WebFldrs XP
      WebReg
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Installer 3.1 (KB893803)
      Windows Internet Explorer 7
      Windows Media Format 11 runtime
      Windows Media Player 10
      Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
      Windows Media Player 11
      Windows Rights Management Client Backwards Compatibility SP2
      Windows Rights Management Client with Service Pack 2
      Windows XP Media Center Edition 2005 KB908246
      Windows XP Media Center Edition 2005 KB925766
      Windows XP Media Center Edition 2005 KB973768
      Windows XP Service Pack 3
      Yahoo! Install Manager
      .
      ==== Event Viewer Messages From Past Week ========
      .
      3/2/2011 2:21:58 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Beep
      2/27/2011 2:22:58 AM, error: Service Control Manager [7034]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).
      2/27/2011 11:06:51 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'Loader.swf' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
      .
      ==== End Of File ===========================

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Need help, completed the required steps, have logs for review.
      « Reply #3 on: March 07, 2011, 01:01:24 PM »
      You have Viewpoint installed.

      Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

      More information:

      * ViewMgr.exe - Useless
      * Viewpoint to Plunge Into Adware

      It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

      * Viewpoint
      * Viewpoint Manager
      * Viewpoint Media Player
      * Viewpoint Toolbar
      * Viewpoint Experience Technology

      You must also uninstall SelectRebates because it is adware.

      ********************************************
      P2P - I see you have P2P software installed on your machine (FrostWire 4.21.3). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

      I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
      *************************************************
      Download OTL to your desktop.
      * Open OTL
      * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

      Code:
      :OTL
      TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      dRun: [sliipmwa] c:\windows\temp\kbafuiaoq\fpvbeaxhmof.exe
      dRun: [avdcvotf] c:\windows\temp\cpfdumoso\fnacwujhmof.exe

      :files
      c:\windows\temp\kbafuiaoq\fpvbeaxhmof.exe
      c:\windows\temp\cpfdumoso\fnacwujhmof.exe

      :folders
      c:\windows\temp\kbafuiaoq
      c:\windows\temp\cpfdumoso

      :COMMANDS
      [resethosts]
      [purity]
      [emptytemp]
      [start explorer]

      * Click Run Fix
      * OTLI2 may ask to reboot the machine. Please do so if asked.
      * Click OK
      * A report will open. Copy and Paste that report in your next reply.
      **********************************************************

      Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
      Enter the following in to the black box, pressing enter after each line:

      Code:
      cd desktop

      mbr.exe -f

      exit

      Post a log (MBR.log).
      Windows 8 and Windows 10 dual boot with two SSD's

      bpilgrim93

        Topic Starter


        Rookie

        Re: Need help, completed the required steps, have logs for review.
        « Reply #4 on: March 07, 2011, 02:36:27 PM »
        I'm sorry, I don't know what you mean when you say post the MBR log?  Also, we have Frostwire on our computer simply for downloading music. Could you recommend any alternative that would be safer, but still free?



        All processes killed
        ========== OTL ==========
        ========== FILES ==========
        File\Folder c:\windows\temp\kbafuiaoq\fpvbeaxhmof.exe not found.
        File\Folder c:\windows\temp\cpfdumoso\fnacwujhmof.exe not found.
        Error: Unable to interpret <:folders> in the current context!
        Error: Unable to interpret <c:\windows\temp\kbafuiaoq> in the current context!
        Error: Unable to interpret <c:\windows\temp\cpfdumoso> in the current context!
        ========== COMMANDS ==========
        C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
        HOSTS file reset successfully
         
        [EMPTYTEMP]
         
        User: Administrator
        ->Temp folder emptied: 16384 bytes
        ->Temporary Internet Files folder emptied: 32768 bytes
         
        User: All Users
         
        User: Blake
        ->Temp folder emptied: 215414 bytes
        ->Temporary Internet Files folder emptied: 9699998 bytes
        ->Java cache emptied: 987937 bytes
        ->FireFox cache emptied: 90280722 bytes
        ->Flash cache emptied: 8035 bytes
         
        User: chelsea
        ->Temp folder emptied: 80178427 bytes
        ->Temporary Internet Files folder emptied: 1411230937 bytes
        ->Java cache emptied: 5681773 bytes
        ->FireFox cache emptied: 124087246 bytes
        ->Flash cache emptied: 300197 bytes
         
        User: court
        ->Temp folder emptied: 5095957 bytes
        ->Temporary Internet Files folder emptied: 259008636 bytes
        ->Java cache emptied: 4938698 bytes
        ->FireFox cache emptied: 58966024 bytes
        ->Flash cache emptied: 25849 bytes
         
        User: Default User
        ->Temp folder emptied: 16384 bytes
        ->Temporary Internet Files folder emptied: 32902 bytes
         
        User: Guest
        ->Temp folder emptied: 58597 bytes
        ->Temporary Internet Files folder emptied: 12527380 bytes
        ->Flash cache emptied: 348 bytes
         
        User: John
         
        User: LocalService
        ->Temp folder emptied: 66016 bytes
        ->Temporary Internet Files folder emptied: 82545830 bytes
        ->Flash cache emptied: 3950 bytes
         
        User: Marjorie Pilgrim
        ->Temp folder emptied: 48923072 bytes
        ->Temporary Internet Files folder emptied: 54755309 bytes
        ->Java cache emptied: 1869557 bytes
        ->FireFox cache emptied: 89262933 bytes
        ->Flash cache emptied: 351352 bytes
         
        User: NetworkService
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 48986300 bytes
        ->Java cache emptied: 552 bytes
        ->Flash cache emptied: 9772 bytes
         
        User: nicole
        ->Temp folder emptied: 321173622 bytes
        ->Temporary Internet Files folder emptied: 278051947 bytes
        ->Java cache emptied: 4398954 bytes
        ->FireFox cache emptied: 83640552 bytes
        ->Flash cache emptied: 143014 bytes
         
        %systemdrive% .tmp files removed: 0 bytes
        %systemroot% .tmp files removed: 39138 bytes
        %systemroot%\System32 .tmp files removed: 5171729 bytes
        %systemroot%\System32\dllcache .tmp files removed: 0 bytes
        %systemroot%\System32\drivers .tmp files removed: 0 bytes
        Windows Temp folder emptied: 237510 bytes
        %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16384 bytes
        %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34604 bytes
        RecycleBin emptied: 1984 bytes
         
        Total Files Cleaned = 2,940.00 mb
         
         
        OTL by OldTimer - Version 3.2.22.3 log created on 03072011_160942

        Files\Folders moved on Reboot...
        File\Folder C:\WINDOWS\temp\Perflib_Perfdata_684.dat not found!

        Registry entries deleted on Reboot...

        SuperDave

        Re: Need help, completed the required steps, have logs for review.
        « Reply #5 on: March 07, 2011, 06:44:25 PM »
        Quote
        I'm sorry, I don't know what you mean when you say post the MBR log?
        If you followed the directions correctly, the MBR log should be somewhere on your desktop.

        Quote
        Also, we have Frostwire on our computer simply for downloading music. Could you recommend any alternative that would be safer, but still free?
        As I stated before, most, if not all, P2P programs are safe programs. When you download music, files, videos from other people you don't know what kind of infections are in those downloads. That is where the problem is.

        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        and save it to your Desktop.
        If you are using Firefox, make sure that your download settings are as follows:

        * Tools->Options->Main tab
        * Set to "Always ask me where to Save the files".

        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
        Double click ComboFix.exe & follow the prompts.
        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


        Click on Yes, to continue scanning for malware.
        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix

        bpilgrim93

          Topic Starter


          Rookie

          Re: Need help, completed the required steps, have logs for review.
          « Reply #6 on: March 07, 2011, 08:56:16 PM »
          When trying to get the MBR, this is what I see.

          C:/Documents and Settings/Blake>cd desktop (pressed enter)

          C:/Documents and Settings/Blake/Desktop>mbr.exe -f (pressed enter)
          'mbr.exe' is not recognized as an internal or external command,
          operable program or batch file.

          C:/Documents and Settings/Blake/ Desktop> 

          The only difference is that all the "/" were backslashes, my keyboard just doesn't have a back slash key.


          Also when trying to use Combofix, even though I disabled my AVG 2011, I get a message saying: "ComboFix cannot run when AVG is installed. This is due to AVG's targeting of Combofix's files/processes.  It would be dangerous to continue.  Please uninstall AVG or use another tool."

          Should I uninstall AVG? I seem to be stuck here...

          SuperDave

          Re: Need help, completed the required steps, have logs for review.
          « Reply #7 on: March 08, 2011, 12:58:37 PM »
          Ok. Please run this MBR scan below.
          I have provided a link below to a number of free AV programs. Download and install one of them (other than AVG) and then remove AVG with the AVG Removal Tool I've provided below.


          Download the MBR Rootkit Detector to your desktop.

          * Double-click mbr.exe and follow prompts.
          * A black DOS window will quickly appear then disappear.
          * When mbr.exe is finished it will create a log on your desktop.
          * Copy and paste contents of that log file to your next reply.
          *************************************************

          Remember to only install one antivirus!
           
          1) Avast! Home Edition
          2) AVG Free Edition
          3) Avira AntiVir Personal
          4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
          4-a) Microsoft Security Essentials for Windows XP
          5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
          6) PC Tools AntiVirus Free Edition

          It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
          ***********************************************
          AVG Antivirus - AVG Antivirus Remover utility

          bpilgrim93

            Topic Starter


            Rookie

            Re: Need help, completed the required steps, have logs for review.
            « Reply #8 on: March 08, 2011, 08:45:27 PM »
            MBR LOG

            Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
            Windows 5.1.2600 Disk: ST332063 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\iaStor0

            device: opened successfully
            user: MBR read successfully
            kernel: MBR read successfully
            detected disk devices:
            \Device\Ide\IAAStorageDevice-2 -> \??\IDE#DiskST3320633AS_____________________________3.ADH___#4&3836d654&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
            detected hooks:
            user != kernel MBR !!!
            sectors 625142446 (+255): user != kernel



            COMBOFIX LOG

            ComboFix 11-03-08.03 - Blake 03/08/2011  22:01:00.1.2 - x86
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1611 [GMT -5:00]
            Running from: c:\documents and settings\Blake\Desktop\ComboFix.exe
            AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\program files\Quicktime\QTTask.exe
            c:\windows\desktop
            c:\windows\system32\AutoRun.inf
            .
            .
            \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
            .
            (((((((((((((((((((((((((   Files Created from 2011-02-09 to 2011-03-09  )))))))))))))))))))))))))))))))
            .
            .
            2011-03-09 02:47 . 2011-03-09 02:48   --------   d-----w-   C:\32788R22FWJFW
            2011-03-09 01:19 . 2011-02-23 14:56   301528   ----a-w-   c:\windows\system32\drivers\aswSP.sys
            2011-03-09 01:19 . 2011-02-23 14:54   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
            2011-03-09 01:19 . 2011-02-23 14:56   371544   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
            2011-03-09 01:19 . 2011-02-23 14:55   49240   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
            2011-03-09 01:19 . 2011-02-23 14:55   102232   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
            2011-03-09 01:19 . 2011-02-23 14:55   96344   ----a-w-   c:\windows\system32\drivers\aswmon.sys
            2011-03-09 01:19 . 2011-02-23 14:55   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
            2011-03-09 01:19 . 2011-02-23 14:54   30680   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
            2011-03-09 01:19 . 2011-02-23 15:04   40648   ----a-w-   c:\windows\avastSS.scr
            2011-03-09 01:19 . 2011-02-23 15:04   190016   ----a-w-   c:\windows\system32\aswBoot.exe
            2011-03-09 01:19 . 2011-03-09 01:19   --------   d-----w-   c:\program files\AVAST Software
            2011-03-09 01:19 . 2011-03-09 01:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
            2011-03-07 21:09 . 2011-03-07 21:09   --------   d-----w-   C:\_OTL
            2011-03-06 03:31 . 2011-03-06 03:31   388096   ----a-r-   c:\documents and settings\Blake\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
            2011-03-06 03:17 . 2011-02-03 02:40   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
            2011-03-06 03:17 . 2011-02-03 02:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-03-06 03:15 . 2011-03-06 03:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
            2011-02-28 21:09 . 2011-02-28 21:09   --------   d-----w-   c:\documents and settings\Blake\Application Data\Malwarebytes
            2011-02-28 21:08 . 2011-02-28 21:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
            2011-02-28 21:08 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-02-28 21:08 . 2011-02-28 21:08   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-02-28 21:08 . 2010-12-20 23:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-02-28 00:57 . 2011-02-28 00:57   --------   d-----w-   c:\documents and settings\Blake\Application Data\SUPERAntiSpyware.com
            2011-02-28 00:57 . 2011-02-28 00:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
            2011-02-28 00:57 . 2011-02-28 00:57   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-02-28 00:17 . 2011-02-28 00:17   --------   d-----w-   c:\program files\CCleaner
            2011-02-27 06:52 . 2011-02-27 06:52   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
            2011-02-27 01:15 . 2011-02-27 01:15   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
            2011-02-26 06:04 . 2011-02-26 06:04   --------   d-----w-   c:\documents and settings\Blake\Application Data\alotappbar
            2011-02-25 22:42 . 2011-02-25 23:02   --------   d-----w-   c:\documents and settings\chelsea\Local Settings\Application Data\AskToolbar
            2011-02-25 18:17 . 2011-02-25 20:36   --------   d-----w-   c:\documents and settings\Marjorie Pilgrim\Local Settings\Application Data\AskToolbar
            2011-02-25 04:50 . 2011-02-25 04:51   --------   d-----w-   c:\documents and settings\All Users\Application Data\cHcMpGl08200
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-02-03 00:19 . 2010-05-06 05:27   73728   ----a-w-   c:\windows\system32\javacpl.cpl
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
            @="{472083B0-C522-11CF-8763-00608CC02F24}"
            [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
            2011-02-23 15:04   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
            "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
            "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
            .
            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
            .
            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            .
            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
            backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
            .
            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
            backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
            .
            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
            backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
            .
            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
            backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup
            .
            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
            backup=c:\windows\pss\Service Manager.lnkCommon Startup
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
            2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
            2006-08-29 03:57   395776   ----a-w-   c:\program files\Dell Support\DSAgnt.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
            2005-09-08 11:20   122940   ----a-w-   c:\windows\system32\DLA\DLACTRLW.EXE
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
            2005-10-05 09:12   94208   ----a-w-   c:\program files\Dell\Media Experience\DMXLauncher.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
            2005-09-29 20:01   67584   ----a-w-   c:\windows\ehome\ehtray.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
            2007-03-12 01:34   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
            2006-07-06 13:15   151552   ----a-w-   c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
            2004-07-27 22:50   221184   ----a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
            2004-07-27 22:50   81920   ----a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
            2010-09-01 12:32   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
            2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
            2006-06-16 14:39   7323648   ----a-w-   c:\windows\system32\nvcpl.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
            2006-07-24 16:20   282624   ----a-w-   c:\windows\stsystra.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
            2007-06-16 19:23   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "gusvc"=3 (0x3)
            .
            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
            "c:\\WINDOWS\\system32\\fxsclnt.exe"=
            "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=
            "c:\\Program Files\\FrostWire\\FrostWire.exe"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            .
            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "3227:UDP"= 3227:UDP:Windows Media Format SDK (iexplore.exe)
            "3226:UDP"= 3226:UDP:Windows Media Format SDK (iexplore.exe)
            "3230:UDP"= 3230:UDP:Windows Media Format SDK (iexplore.exe)
            .
            R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/8/2011 8:19 PM 371544]
            R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/8/2011 8:19 PM 301528]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
            R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/8/2011 8:19 PM 19544]
            S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 7:53 PM 135664]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
            hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
            HPService   REG_MULTI_SZ      HPSLPSVC
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2011-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
            .
            2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:53]
            .
            2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:53]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
            uInternet Connection Wizard,ShellNext = iexplore
            IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
            IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
            FF - ProfilePath - c:\documents and settings\Blake\Application Data\Mozilla\Firefox\Profiles\gtn850yu.default\
            FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
            FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
            FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
            FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
            .
            - - - - ORPHANS REMOVED - - - -
            .
            WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
            HKCU-Run-OE_OEM - c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
            HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
            MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
            MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
            MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 14\pccguide.exe
            MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
            AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe
            AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe
            .
            .
            .
            **************************************************************************
            .
            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2011-03-08 22:29
            Windows 5.1.2600 Service Pack 3 NTFS
            .
            scanning hidden processes ... 
            .
            scanning hidden autostart entries ...
            .
            scanning hidden files ... 
            .
            scan completed successfully
            hidden files: 0
            .
            **************************************************************************
            .
            Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
            Windows 5.1.2600 Disk: ST332063 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\iaStor0
            .
            device: opened successfully
            user: MBR read successfully
            .
            Disk trace:
            called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89FB0439]<<
            c:\docume~1\Blake\LOCALS~1\Temp\catchme.sys 
            _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89fb67b8]; MOV EAX, [0x89fb6834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
            1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A8DC030]
            3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A8ECF18]
            \Driver\iaStor[0x8A8DAA30] -> IRP_MJ_CREATE -> 0x89FB0439
            kernel: MBR read successfully
            _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP;  }
            detected disk devices:
            \Device\Ide\IAAStorageDevice-2 -> \??\IDE#DiskST3320633AS_____________________________3.ADH___#4&3836d654&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
            detected hooks:
            user != kernel MBR !!!
            sectors 625142446 (+255): user != kernel
            Warning: possible TDL4 rootkit infection !
            TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
            .
            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
            @DACL=(02 0000)
            "Installed"="1"
            @=""
            .
            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
            @DACL=(02 0000)
            "Installed"="1"
            "NoChange"="1"
            @=""
            .
            [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
            @DACL=(02 0000)
            "Installed"="1"
            @=""
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------
            .
            - - - - - - - > 'winlogon.exe'(756)
            c:\windows\system32\WININET.dll
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            .
            - - - - - - - > 'lsass.exe'(816)
            c:\windows\system32\WININET.dll
            .
            Completion time: 2011-03-08  22:40:32
            ComboFix-quarantined-files.txt  2011-03-09 03:40
            .
            Pre-Run: 284,900,667,392 bytes free
            Post-Run: 285,009,596,416 bytes free
            .
            WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
            [boot loader]
            timeout=2
            default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
            [operating systems]
            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
            UnsupportedDebug="do not select this" /debug
            multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
            .
            - - End Of File - - 6E8CE0057113F347CA30B518CA812C15

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Need help, completed the required steps, have logs for review.
            « Reply #9 on: March 09, 2011, 12:18:32 PM »
            Ok. Let's try this again.

            Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
            Enter the following into the black box, pressing enter after each line:

            cd desktop

            mbr.exe -f

            exit

            Post a log (MBR.log).
            Windows 8 and Windows 10 dual boot with two SSD's

            bpilgrim93

              Topic Starter


              Rookie

              Re: Need help, completed the required steps, have logs for review.
              « Reply #10 on: March 09, 2011, 02:13:57 PM »
              A log didn't pop up on my desktop, so I did a search for mbr.log and this is what came up.




              Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
              Windows 5.1.2600 Disk: ST332063 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\iaStor0

              device: opened successfully
              user: MBR read successfully
              kernel: MBR read successfully
              detected disk devices:
              \Device\Ide\IAAStorageDevice-2 -> \??\IDE#DiskST3320633AS_____________________________3.ADH___#4&3836d654&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
              detected hooks:
              user != kernel MBR !!!
              sectors 625142446 (+255): user != kernel
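
The verdict lines in the two detector logs above can be compared mechanically. The following is an added example, not part of the thread and not code from the mbr.exe tool: a Python parser that pulls the user-mode and kernel-mode read results out of such a log and checks whether a later run still reports the mismatch. The function names and result keys are assumptions; the log lines are excerpted from the posts above.

```python
import re

# Verdict lines excerpted from the two logs posted above: the ComboFix run,
# then the run after "mbr.exe -f". Device and disk-trace lines are left out.
LOG_BEFORE = """\
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""
LOG_AFTER = """\
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
"""
SECTOR_RE = re.compile(r"^sectors\s+(\d+)\s+\(\+(\d+)\):\s*user != kernel")

def parse_mbr_log(text):
    """Collect the read results and mismatch lines (key names are assumed)."""
    found = {"user_read": False, "kernel_read": False, "mbr_mismatch": False,
             "sector_mismatches": [], "rootkit_named": False}
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes carry leading indentation
        m = SECTOR_RE.match(line)
        if line == "user: MBR read successfully":
            found["user_read"] = True
        elif line == "kernel: MBR read successfully":
            found["kernel_read"] = True
        elif line.startswith("user != kernel MBR"):
            found["mbr_mismatch"] = True
        elif m:
            # "+N" is kept as printed; the page does not say what it counts.
            found["sector_mismatches"].append((int(m.group(1)), int(m.group(2))))
        elif "rootkit infection detected" in line:
            found["rootkit_named"] = True
    return found

def verdict(found):
    if not (found["user_read"] and found["kernel_read"]):
        return "incomplete"  # one view is missing, so nothing can be compared
    if found["mbr_mismatch"] or found["sector_mismatches"]:
        return "mismatch"
    return "clean"

def fix_took_effect(before, after):
    # True only when the earlier log shows a mismatch and the later one is clean.
    return (verdict(parse_mbr_log(before)) == "mismatch"
            and verdict(parse_mbr_log(after)) == "clean")
```

Run on the two excerpts, `fix_took_effect(LOG_BEFORE, LOG_AFTER)` returns `False`: the second log no longer prints the named TDL4 line, but the user-versus-kernel mismatch is still reported.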

              SuperDave

              Re: Need help, completed the required steps, have logs for review.
              « Reply #11 on: March 09, 2011, 04:36:13 PM »
              SysProt Antirootkit

              Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
              Windows 8 and Windows 10 dual boot with two SSD's

              bpilgrim93


                Re: Need help, completed the required steps, have logs for review.
                « Reply #12 on: March 12, 2011, 08:53:02 PM »
                Sorry, I've been busy lately. Whenever trying to copy and paste the log, it won't let me do so. It just shows a blank page like it won't load. When I copy the log to the page, it freezes for a second before it actually pastes, like it's loading or something.

                bpilgrim93


                  Re: Need help, completed the required steps, have logs for review.
                  « Reply #13 on: March 12, 2011, 09:03:00 PM »
                  For the record too, I've tried it several times on 4 different days, each time with the same result. But my last two posts without the logs have loaded just fine.

                  SuperDave

                  Re: Need help, completed the required steps, have logs for review.
                  « Reply #14 on: March 13, 2011, 11:43:05 AM »
                  Try attaching the log.
                  Windows 8 and Windows 10 dual boot with two SSD's