# Need assistance with Searchnu.com/406.



## dgp1939 (Oct 9, 2003)

Requesting help from Cookiegal!

Running XP SP3 on a Dell Dimension 4500. This little critter (Searchnu.com/406) has blocked system restore, messed up my desktop start screen, added a (Searchnu.com/406) tab each time Chrome is started and who knows what else. Ran AVG Free 2012 scan and IObit cleaners, but it won't die. I think it got in when I downloaded some cheapo freebie software, but not sure what or when.

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:13:57 PM, on 5/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Don\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.broderbund.com/jump.jsp?itemID=442&itemType=CATEGORY
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - (no file)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.227.115.174:65432/VatDec.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://24.227.115.174/cab/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - (no CLSID) - (no file)
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Don\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13779 bytes

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Don at 8:00:29 on 2012-05-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.182 [GMT -4:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uInternet Connection Wizard,ShellNext = hxxp://www.broderbund.com/jump.jsp?itemID=442&itemType=CATEGORY
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - No File
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - c:\program files\funmoods\funmoods\1.5.11.16\bh\funmoods.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - c:\program files\funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [PhotoExplosionCalCheck] c:\program files\nova development\photo explosion 3.0 se\calcheck.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\don\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\docume~1\don\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microsoft works calendar reminders.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
uPolicies-explorer: <NO NAME> = 
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://24.227.115.174:65432/VatDec.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://24.227.115.174/cab/msrdp.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{17DD6C05-FB54-49C7-9F98-5DE86E2323CE} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll
AppInit_DLLs: 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-12 913752]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-1 821080]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-11-9 22176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2010-9-8 98984]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 wowsystemcode;Remote TCP/IPv6;c:\windows\system32\svchost.exe -k netsvcs [2001-8-18 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-6-1 30368]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-6-1 16080]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-18 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-6-1 239472]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-05-26 12:03:37	--------	d-----w-	c:\documents and settings\don\AppData
2012-05-26 12:03:35	--------	d-----w-	c:\documents and settings\don\application data\searchquband
2012-05-24 10:58:14	--------	d-----w-	C:\Juststuff9
2012-05-22 19:53:39	--------	d-----w-	c:\documents and settings\all users\application data\boost_interprocess
2012-05-22 19:53:29	--------	d-----w-	c:\documents and settings\don\local settings\application data\Ilivid Player
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin.dll
2012-05-22 18:33:25	--------	d-----w-	c:\documents and settings\don\application data\Funmoods
2012-05-22 17:23:17	249856	------w-	c:\windows\Setup1.exe
2012-05-22 17:23:15	73216	----a-w-	c:\windows\ST6UNST.EXE
2012-05-19 13:25:29	--------	d-----w-	c:\documents and settings\all users\application data\AVS4YOU
2012-05-19 13:25:15	--------	d-----w-	c:\documents and settings\don\application data\AVS4YOU
2012-05-19 13:21:26	--------	d-----w-	c:\program files\common files\AVSMedia
2012-05-19 13:21:20	11139944	----a-w-	c:\windows\system32\libmfxsw32.dll
2012-05-19 13:21:19	24576	----a-w-	c:\windows\system32\msxml3a.dll
2012-05-19 13:17:55	--------	d-----w-	c:\program files\AVS4YOU
2012-05-18 17:33:17	--------	d-----w-	c:\program files\Funmoods
2012-05-18 16:59:48	--------	d-----w-	c:\program files\blekkotb_soc
2012-05-16 19:36:49	--------	d-----w-	c:\documents and settings\don\local settings\application data\Babylon
2012-05-16 19:36:36	--------	d-----w-	c:\documents and settings\all users\application data\Babylon
2012-05-16 19:36:31	--------	d-----w-	c:\documents and settings\don\application data\Babylon
2012-05-16 19:11:16	--------	d-----w-	c:\program files\DreamScene XP
2012-05-15 20:33:12	--------	d-----w-	c:\documents and settings\don\local settings\application data\RcIncidents
2012-05-15 19:07:29	--------	d-----w-	c:\documents and settings\don\local settings\application data\Wondershare
2012-05-15 19:07:27	--------	d-----w-	c:\program files\common files\Wondershare
2012-05-15 19:07:13	--------	d-----w-	c:\documents and settings\don\application data\Wondershare
2012-05-15 19:07:07	--------	d-----w-	c:\program files\Wondershare
2012-05-15 18:14:47	--------	d-----w-	c:\documents and settings\don\application data\blekkotb_019
2012-05-14 16:11:25	--------	d-----w-	c:\program files\Image Icon Converter
2012-05-14 16:10:57	--------	d-----w-	c:\documents and settings\all users\application data\Tarma Installer
2012-05-14 13:11:42	188416	----a-w-	c:\windows\system32\actsplash.ocx
2012-05-14 13:11:42	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2012-05-14 13:11:41	82744	----a-w-	c:\windows\system32\PICCLP32.OCX
2012-05-14 13:11:41	741376	----a-w-	c:\windows\system32\SkinCrafter.dll
2012-05-14 13:11:41	389120	----a-w-	c:\windows\system32\actskn43.ocx
2012-05-14 13:11:41	2267368	----a-w-	c:\windows\system32\Flash9d.ocx
2012-05-14 13:11:40	--------	d-----w-	c:\program files\AudioShareware.com
2012-05-14 12:44:14	--------	d-----w-	c:\documents and settings\don\local settings\application data\I Want This
2012-05-14 12:44:11	--------	d-----w-	c:\program files\I Want This
2012-05-14 12:44:05	--------	d-----w-	c:\documents and settings\all users\application data\blekko toolbars
2012-05-14 12:43:50	--------	d-----w-	c:\documents and settings\don\local settings\application data\blekkotb_soc
2012-05-14 12:43:47	--------	d-----w-	c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-05-09 12:16:59	--------	d-----w-	c:\program files\Microsoft
2012-05-09 12:14:53	74520	----a-w-	c:\program files\common files\windows live\.cache\56e9ee6a1cd2ddd\DSETUP.dll
2012-05-09 12:14:53	484632	----a-w-	c:\program files\common files\windows live\.cache\56e9ee6a1cd2ddd\DXSETUP.exe
2012-05-09 12:14:53	1670936	----a-w-	c:\program files\common files\windows live\.cache\56e9ee6a1cd2ddd\dsetup32.dll
2012-05-09 12:14:45	1013800	----a-w-	c:\program files\common files\windows live\.cache\5284987a1cd2ddd\WindowsXP-KB954708-x86-ENU.exe
2012-05-09 12:00:43	--------	d-----w-	c:\program files\common files\Windows Live
2012-05-08 16:50:41	--------	d-----w-	c:\documents and settings\don\local settings\application data\Logitech® Webcam Software
2012-05-08 16:43:10	53248	----a-r-	c:\documents and settings\don\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-05-08 16:37:44	--------	d-----w-	c:\program files\common files\LWS
2012-05-01 18:59:42	524288	----a-w-	c:\windows\system32\tmp131.tmp
2012-05-01 18:59:40	569344	----a-w-	c:\windows\system32\tmp130.tmp
2012-05-01 18:59:39	147456	----a-w-	c:\windows\system32\tmp12F.tmp
2012-05-01 18:59:38	983121	----a-w-	c:\windows\system32\tmp12E.tmp
.
==================== Find3M ====================
.
2012-05-05 10:16:08	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:16:07	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:56:30	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-04-11 22:05:54	2069120	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:12:06	1862272	----a-w-	c:\windows\system32\win32k.sys
2012-04-11 13:10:58	2192640	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-07 14:22:59	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-03-07 14:22:58	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-01 11:01:32	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:01:32	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:10:16	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40	385024	----a-w-	c:\windows\system32\html.iec
2010-09-19 18:37:08	185640	----a-w-	c:\program files\XvidSetup.exe
2010-05-07 16:10:13	4007544	----a-w-	c:\program files\pdf-to-word-converter.exe
2010-02-27 21:18:31	0	----a-w-	c:\program files\Silverlight.exe
2009-12-28 19:21:28	2728440	----a-w-	c:\program files\vcsetup.exe
2009-12-27 15:08:40	4621632	----a-w-	c:\program files\vs_proweb.exe
2008-08-31 12:53:35	3520552	----a-w-	c:\program files\procexp.exe
2008-04-05 15:19:07	7036642	----a-w-	c:\program files\AID_Personal_Setup.exe
2008-04-05 14:57:13	5660000	----a-w-	c:\program files\labelm.exe
2008-04-02 20:11:42	7042688	----a-w-	c:\program files\AID_Enterprise_Setup.exe
2008-04-02 16:07:27	23510720	----a-w-	c:\program files\DotNetfx.exe
2008-04-02 16:01:57	22646046	----a-w-	c:\program files\easycardcreator_free_setup.exe
2005-08-23 14:22:20	10488666	-c--a-w-	c:\program files\dwizen.exe
2005-07-15 17:23:52	334	-c--a-w-	c:\program files\layout.bin
2003-03-26 13:52:43	1150945	-c--a-w-	c:\program files\svinstall_s_libs.exe
2003-03-14 16:59:43	266843	----a-w-	c:\program files\nistime-32bit.exe
2003-03-14 16:45:56	1771688	-c--a-w-	c:\program files\atc28.exe
2003-03-14 16:31:31	646610	-c--a-w-	c:\program files\ats20b1.exe
2001-05-11 15:39:16	53248	----a-w-	c:\program files\ACMonitor_X73.exe
1997-06-02 16:17:58	8192	----a-w-	c:\program files\_ISDEL.EXE
1997-06-02 16:17:40	11264	----a-w-	c:\program files\_SETUP.DLL
.
============= FINISH: 8:02:32.14 ===============

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2005 11:13:25 AM
System Uptime: 5/28/2012 12:33:40 PM (20 hours ago)
.
Motherboard: Intel Corporation | | D845EPT2 
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | X1 | 1993/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 19.605 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP757: 4/7/2012 9:34:00 PM - System Checkpoint
RP758: 4/8/2012 10:31:35 PM - System Checkpoint
RP759: 4/9/2012 11:29:17 PM - System Checkpoint
RP760: 4/11/2012 12:26:34 AM - System Checkpoint
RP761: 4/11/2012 5:24:30 PM - Installed Windows XP KB2653956.
RP762: 4/11/2012 5:29:47 PM - Installed Windows XP KB2675157.
RP763: 4/12/2012 5:35:23 PM - System Checkpoint
RP764: 4/13/2012 6:32:12 PM - System Checkpoint
RP765: 4/14/2012 7:32:13 PM - System Checkpoint
RP766: 4/15/2012 8:32:07 PM - System Checkpoint
RP767: 4/16/2012 9:30:07 PM - System Checkpoint
RP768: 4/17/2012 10:28:59 PM - System Checkpoint
RP769: 4/18/2012 11:24:18 PM - System Checkpoint
RP770: 4/20/2012 12:23:12 AM - System Checkpoint
RP771: 4/21/2012 1:20:59 AM - System Checkpoint
RP772: 4/22/2012 2:19:56 AM - System Checkpoint
RP773: 4/23/2012 3:17:36 AM - System Checkpoint
RP774: 4/24/2012 4:16:24 AM - System Checkpoint
RP775: 4/25/2012 5:14:39 AM - System Checkpoint
RP776: 4/26/2012 6:14:42 AM - System Checkpoint
RP777: 4/27/2012 10:59:38 AM - System Checkpoint
RP778: 4/28/2012 11:11:06 AM - System Checkpoint
RP779: 4/29/2012 11:31:04 AM - System Checkpoint
RP780: 4/30/2012 12:57:57 PM - System Checkpoint
RP781: 5/1/2012 1:01:29 PM - System Checkpoint
RP782: 5/2/2012 5:31:06 PM - System Checkpoint
RP783: 5/3/2012 6:33:42 PM - System Checkpoint
RP784: 5/4/2012 6:48:05 PM - System Checkpoint
RP785: 5/5/2012 7:01:05 PM - System Checkpoint
RP786: 5/6/2012 7:14:05 PM - System Checkpoint
RP787: 5/7/2012 8:02:05 PM - System Checkpoint
RP788: 5/8/2012 8:47:36 PM - System Checkpoint
RP789: 5/9/2012 8:20:50 AM - Installed Windows XP KB954708.
RP790: 5/9/2012 8:21:07 AM - Installed DirectX
RP791: 5/10/2012 8:49:31 AM - Removed Windows Live Sync
RP792: 5/10/2012 8:50:12 AM - Removed Windows Live Upload Tool
RP793: 5/10/2012 5:55:41 PM - Installed Windows XP KB2695962.
RP794: 5/10/2012 5:57:51 PM - Installed Windows XP KB2676562.
RP795: 5/10/2012 5:59:10 PM - Installed Windows XP KB2659262.
RP796: 5/10/2012 6:00:26 PM - Installed Windows XP KB2686509.
RP797: 5/11/2012 6:45:12 PM - System Checkpoint
RP798: 5/12/2012 8:36:42 PM - System Checkpoint
RP799: 5/13/2012 9:33:40 PM - System Checkpoint
RP800: 5/16/2012 7:23:11 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
RP801: 5/16/2012 7:25:09 AM - Removed OpenOffice.org 3.3
RP802: 5/18/2012 6:37:34 PM - System Checkpoint
RP803: 5/19/2012 9:44:33 AM - Configured 505 Game Collection
RP804: 5/20/2012 3:47:13 PM - System Checkpoint
RP805: 5/21/2012 6:45:28 PM - System Checkpoint
RP806: 5/22/2012 3:31:05 PM - Installed QuickTime
RP807: 5/23/2012 5:21:58 PM - System Checkpoint
RP808: 5/24/2012 5:52:21 PM - System Checkpoint
RP809: 5/25/2012 6:12:59 PM - System Checkpoint
RP810: 5/26/2012 6:52:52 PM - System Checkpoint
RP811: 5/27/2012 5:58:40 PM - Restore Operation
RP812: 5/27/2012 6:03:32 PM - Restore Operation
RP813: 5/28/2012 9:13:41 AM - Installed AVG 2012
RP814: 5/28/2012 9:14:24 AM - Installed AVG 2012
RP815: 5/28/2012 12:26:31 PM - Removed AVG 2012
RP816: 5/28/2012 12:30:21 PM - Removed AVG 2012
RP817: 5/28/2012 12:32:37 PM - Removed AVG 2012
.
==== Installed Programs ======================
.
505 Game Collection
ABBYY FineReader 6.0 Sprint
AC3Filter 1.63b
ACDSee for PENTAX
AceHTML Freeware
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe SVG Viewer 3.0
Advanced SystemCare 5
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Applian Director
Aquatica 3
ArcSoft Panorama Maker 5
ArcSoft Software Suite
ArcSoft VideoImpression 1.6
Bonjour
CameraHelperMsi
Cards_Calendar_OrderGift_DoMorePlugout
CDBurnerXP
CodeBlocks
Compatibility Pack for the 2007 Office system
Conduit Engine
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Contextual Tool Extrafind
Convert FLV to MP3 1.0
Crystal Reports for Visual Studio
Dell Driver Download Manager
DesignPro 5
DiscWizard for Windows
DiskRedactor
Dotfuscator Software Services - Community Edition
DreamScene XP version 1.0
DTCLookup
Easy CD Creator 5 Basic
Easy Graphic Converter 3.0
Easy Icon Maker
Easycab v7.0
erLT
ExpressPCB
FaxTools
FinePixViewer Ver.3.2
FoxTab Video To MP3
FREE Equation Illustrator version 1.7.3.0
Free PDF to Word Converter 4.2.3.183
Freeze.com NetAssistant
FUJIFILM USB Driver
Funmoods on IE and Chrome
Game Booster
GIMP 2.4.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photosmart Essential 2.5
HPPhotoSmartPhotobookWebPack1
HTML-Kit
HTML Slideshow Powertoy for Windows XP
I Want This
Icon Maker 4.4.0.5
ICS Viewer 6.0
Image Icon Converter 1.3
ImageMixer VCD for FinePix
ImTOO Convert PowerPoint to Video Free
Inkscape 0.45.1
IObit Malware Fighter
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
LameACM
Lexmark 2600 Series
Lexmark Fax Solutions
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Photo 2002
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Streets and Trips 2002
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Samples
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Microsoft Web Publishing Wizard 1.52
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6-9 Converter
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
MicroStaff WINASPI
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My DSC
NetAssistant
NetObjects Fusion Essentials
NVIDIA Display Driver
NVIDIA Drivers
OpenOffice.org 3.4
Opera 11.64
Paint Shop Pro Shareware Version 3.12 - 32 Bit
Photo Explosion 3.0 Special Edition
Picasa 3
PrintMaster 16
PSSWCORE
Punch! Super Home Suite
QuickTime
RelevantKnowledge
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Serif DrawPlus 4.0
Serif PagePlus Starter Edition
Serif WebPlus 6.0
Shockwave
Skype 5.8
Sound Blaster Live! Value
Sql Server Customer Experience Improvement Program
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VectorEye3
VideoToolkit01
Visual Similarity Duplicate Image Finder Demo 3.1.0.1
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.1
vShare Plugin
Vuze Remote Toolbar
Web Deployment Tool
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Service Pack 3
Wondershare PDF Converter (Build 3.1.1)
Works Suite OS Pack
Works Synchronization
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.7.4
.
==== Event Viewer Messages From Past Week ========
.
5/28/2012 1:57:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/27/2012 7:43:31 AM, error: Service Control Manager [7023] - The Remote TCP/IPv6 service terminated with the following error: The specified module could not be found.
5/27/2012 7:43:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.
5/27/2012 7:43:31 AM, error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/27/2012 7:43:31 AM, error: Service Control Manager [7000] - The hpdj service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

NOTE: Had to cut GMER short after 4 hours. Saved ark.txt to that point

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-28 18:26:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380013A rev.8.01
Running: 6jqko53f.exe; Driver: C:\DOCUME~1\Don\LOCALS~1\Temp\fxrcrpod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6D64340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
? C:\DOCUME~1\Don\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01710001 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] WS2_32.dll!WSARecv  71AB4CB5 6 Bytes JMP 71970F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[196] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A 
.text C:\WINDOWS\system32\SearchIndexer.exe[1360] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1544] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C909 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3116] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91041A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91048B 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9105B9 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3356] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 33, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91091A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 33, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 33, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91098B 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910AB9 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 33, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01BA0001 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A60F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71A30F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71A00F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71970F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] WS2_32.dll!recv 71AB676F 6 Bytes JMP 719D0F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 719A0F5A 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71940F5A

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x16 0x1E 0x33 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x16 0x1E 0x33 0x33 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x16 0x1E 0x33 0x33 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 156280323
Disk \Device\Harddisk0\DR0 PE file @ sector 156280345

---- EOF - GMER 1.0.15 ----


----------



## flavallee (May 12, 2002)

Do the following in the order that they're listed.

----------------------------------------------------------

Go to Control Panel - Add Or Remove Programs, then uninstall/remove

*Advanced SystemCare 5*(by IObit)

*Conduit Engine

Freeze.com NetAssistant

Funmoods on IE and Chrome

I Want This

IObit Malware Fighter

Java(TM) 6 Update 22

RelevantKnowledge

vShare Plugin

Vuze Remote Toolbar

Windows Search 4.0

Yahoo! Software Update

Yahoo! Toolbar*

Make sure to restart the computer after you're all done.

--------------------------------------------------------

Download and save the free version of

*Malwarebytes Anti-Malware 1.61.0.1400*

*SUPERAntiSpyware 5.0.0.1150*

Close all open windows first, then install them both.

Make sure to update their definition files during the install process.

Uncheck and opt out to install any extras, such as toolbars and homepages, they may offer.

Restart the computer after they've both been installed and updated.

--------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - *Perform quick scan* - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that *EVERYTHING* is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------

Start SUPERAntiSpyware.

Select the "*Quick Scan*" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

--------------------------------------------------------

Start HiJackThis, then click "Do a system scan and save a log file".

Save the new log that appears, then copy-and-paste it here.

--------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.30.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Don :: DPS-TOOFLISS [administrator]

Protection: Enabled

5/30/2012 11:22:18 AM
mbam-log-2012-05-30 (11-22-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230171
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{dedbb410-30bd-5eb4-8555-c0ee0936e592} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 7bc662ebac27a4868b76748184925042 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Don\My Documents\downloads\GrooveStream.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don\My Documents\downloads\oi_asimexe.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don\My Documents\downloads\XvidSetup (1).exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don\My Documents\downloads\XvidSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

(end)


----------



## dgp1939 (Oct 9, 2003)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2012 at 12:07 PM

Application Version : 5.0.1150

Core Rules Database Version : 8657
Trace Rules Database Version: 6469

Scan type : Quick Scan
Total Scan Time : 00:10:37

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 30242
Registry threats detected : 0
File items scanned : 7424
File threats detected : 487

Adware.Tracking Cookie
.zgstats.com [ C:\DOCUMENTS AND SETTINGS\DON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\I1MR0NC0.DEFAULT\COOKIES.SQLITE ]
C:\Documents and Settings\Don\Cookies\[email protected][1].txt [ /accounts.google ]
C:\Documents and Settings\Don\Cookies\[email protected][1].txt [ /collective-media ]
C:\Documents and Settings\Don\Cookies\96Q0AY4U.txt [ /atdmt.com ]
C:\Documents and Settings\Don\Cookies\X96PO8BE.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Don\Cookies\XKRFT5X4.txt [ /zgstats.com ]
C:\Documents and Settings\Don\Cookies\EHFN3DL0.txt [ /statcounter.com ]
C:\Documents and Settings\Don\Cookies\EV0B6FTG.txt [ /atdmt.combing.com ]
C:\Documents and Settings\Don\Cookies\CSE4XO4I.txt [ /ad.wsod.com ]
C:\Documents and Settings\Don\Cookies\TDNWW6QW.txt [ /asknetag.112.2o7.net ]
C:\Documents and Settings\Don\Cookies\0W4ZFLT1.txt [ /adserver2.news-journalonline.com ]
C:\DOCUMENTS AND SETTINGS\DON\Cookies\00DL0VNM.txt [ Cookie:[email protected]/accounts/ ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
findicons.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
findicons.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
findicons.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findicons.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findicons.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findicons.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
findicons.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vesseltracker.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vesseltracker.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vesseltracker.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vesseltracker.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myweather.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.estat.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.xiti.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.saymedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
advert.travlang.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.popularscreensavers.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.popularscreensavers.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.popularscreensavers.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.popularscreensavers.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.getclicky.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
auslieferung.commindo-media-ressourcen.de [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstbeacon.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstbeacon.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.brighthouse.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kanoodle.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
counters.gigya.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.click-trker.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.click-trker.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.click-trker.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.leeenterprises.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hyatt.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbooth.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www8.addfreestats.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yadro.ru [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rambler.ru [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tns-counter.ru [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.openstat.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.spylog.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
onlinefreemediafiles.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
onlinefreemediafiles.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
onlinefreemediafiles.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
onlinefreemediafiles.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
onlinefreemediafiles.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
onlinefreemediafiles.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
7.rotator.wigetmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
7.rotator.wigetmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
7.rotator.wigetmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
onlinefreemediafiles.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
onlinefreemediafiles.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adx.kat.ph [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tripod.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tripod.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.espn.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.homestore.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealtime.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealtime.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealtime.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dealtime.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.dealtime.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.dealtime.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.dealtime.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.gigcount.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wbmyuodzwdo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tripod.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tripod.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.homefinder.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.homefinder.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.homefinder.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.homefinder.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.homefinder.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.homefinder.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wgk4woczaap.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cdmedia.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cdmedia.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 cdmedia.rotator.hadj7.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.ilivid.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
6944z2.rotator.hadj1.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
6944z2.rotator.hadj1.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
6944z2.rotator.hadj1.adjuggler.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gntbcstglobal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.oggifinogi.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediaservices-d.openxenterprise.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
foxcreekleather.directtrack.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.volusia.county-taxes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.volusia.county-taxes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.volusia.county-taxes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.volusia.county-taxes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver2.news-journalonline.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
timesofindia.indiatimes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.visualrevenue.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
timesofindia.indiatimes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
timesofindia.indiatimes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
timesofindia.indiatimes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
timesofindia.indiatimes.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.qsstats.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.arrests.org [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnportal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.paypal.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lexmark.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.qnsr.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
o1.qnsr.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
e1.cdn.qnsr.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
e1.cdn.qnsr.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
e1.cdn.qnsr.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
e1.cdn.qnsr.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.qsstats.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atrack.art.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.usatoday1.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextstat.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextstat.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextstat.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tmobile.db.advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.e-2dj6wjnyomajkgq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realteengirls.org [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realteengirls.org [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realteengirls.org [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ero-advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exoclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exoclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.emoporno.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.emoporno.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.emoporno.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.freecamsexposed.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.crakmedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yoursexwiki.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yoursexwiki.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yoursexwiki.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trafficland.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trafficland.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trafficland.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trafficland.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.s.clickability.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.s.clickability.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.survey.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.shulinkou.tripod.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.shulinkou.tripod.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.shulinkou.tripod.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bravenet.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.alwaysdownloads.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.alwaysdownloads.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.cbsdigitalmedia.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.marinetraffic.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.premiumtv.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\DON\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


----------



## dgp1939 (Oct 9, 2003)

NOTE: Did not repair anything found by Hijackthis. There was no instruction to do so.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:35 PM, on 5/30/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Don\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.broderbund.com/jump.jsp?itemID=442&itemType=CATEGORY
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.227.115.174:65432/VatDec.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://24.227.115.174/cab/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Don\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 12121 bytes


----------



## flavallee (May 12, 2002)

*Malwarebytes Anti-Malware* and *SUPERAntiSpyware* found and removed a lot of problems. :up:

They are to remain installed in your computer so you can put them to use at least once a week.

Make sure to update their definition files BEFORE running a scan.

Make sure to remove EVERYTHING they find.

Doing this will keep the build of malware, spyware, rogues, hijackers, etc. in check.

---------------------------------------------------------

Did you have any issues with uninstalling any of the list in post #2?

---------------------------------------------------------

Do NOT fix anything in HiJackThis on your own and without proper guidance.

I'll advise you of which log entries to fix as soon as I review your latest log.

---------------------------------------------------------


----------



## flavallee (May 12, 2002)

Start HiJackThis, then click "Do a system scan only".

When the scan is finished in about 30 - 60 seconds, put a checkmark in these log entries:

*R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - (no file)

O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab*

After you confirm that you selected the CORRECT log entries, click "Fix Checked - Yes".

Close HiJackThis, then restart the computer.

-------------------------------------------------------------

What are you using for a full-time antivirus program?

I don't see one in the list of running processes nor in the startup list and services list.

-------------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Complied with your request to run Hijackthis. Upon restart, I noticed no difference. After this and previous restarts related to this post, a Microsoft window opened that had a single file folder in the pane: "Search Enhancement Pack". I Xed out the window without opening the file each time. Search

I've had this computer since late 2002 and have required assistance only 3 times. Took it to a local guru once for an extremely bad infection, once here at Tech Support Guy when my CDROM drive passed away and now for the present problem.

As for full-time antivirus, what would you suggest? Have not ever used one.

Also, the local guru had installed AVG Free and Advanced System Care 5 after the difficult fix above. AVG Free makes my computer crawl like a slug on a dry driveway and I have to remove it after each use. Advanced System Care 5 (free version) has been run almost every day since it was installed in August, 2008.

I have personally replaced the original HDD, Monitor and CDR Drive when the originals died and also added 512 MB of memory.

Thank you for your efforts so far.


----------



## dgp1939 (Oct 9, 2003)

The only thing I regret losing is Advanced System Care 5.


----------



## dgp1939 (Oct 9, 2003)

I don't understand removal of Java 6 update 22. Can't view favorite webcam site without Java.


----------



## flavallee (May 12, 2002)

Go here and click the green icon with white "down" arrow to download and save 
*Java Runtime Environment 1.6.0.32(6 Update 32)*

After it's been downloaded and saved, close all open windows first, then install it.

Uncheck and opt out to install any extras, such as toolbars and homepages, that it offers.

It'll overwrite and update *Java(TM) 6 Update 31* that's currently installed in your computer.

Note: You were previously advised to uninstalled *Java(TM) 6 Update 22* because it's very outdated. You also had *Java(TM) 6 Update 31* installed, which is what you just updated.

--------------------------------------------------------

Go here and click the green icon with white "down" arrow to download and save 
*Microsoft Security Essentials 4.0.1526.0*

After it's been downloaded and saved, close all open windows first, then install it.

Make sure to update its definition files during the install process.

If it wants to run a scan, allow it to do so,

Note: This will be your full-time anti-virus program, which is very user-friendly and well recommended here.

--------------------------------------------------------

As much as you may like *IObit Advanced SystemCare 5* and any other "cleaner/fixer" type programs, they will do little-to-nothing to improve speed and fix problems.

What they can do is damage Windows and break programs and generate error messages and wreak havoc with a computer.

Stay away from them, no matter what they claim they can do.

--------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Download accomplished. Ran quick scan. No problems found. Desktop screen still looks like attached. The Icons are my contrivance. Got tired of the clutter. Big white space should not be there.

Searchnu.com/406 still present when Chrome starts.

Thank You for the security program.

What next?


----------



## flavallee (May 12, 2002)

Do the following in the order that they're listed.

---------------------------------------------------

Right-click MY COMPUTER, then click Properties - System Restore.

Move the slider from its default value of 12% to 3%, then click Apply - OK.

Right-click RECYCLE BIN, then click Properties.

Move the slider from its default value of 10% to 3%, then click Apply - OK.

---------------------------------------------------

Click Start - Run, then type in

*%temp%*

and then click OK.

Click Start - Run, then type in

*c:\windows\temp*

and then click OK.

Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

If a massive number of files are being deleted, the computer may appear to "hang". Be patient and wait for the deletion process to finish.

After it's done, restart the computer.

---------------------------------------------------

Right-click MY COMPUTER, then click Properties - Hardware - Device Manager.

Click the + in *Display Adapters*

Advise what's listed in that heading - exactly as you see it there.

---------------------------------------------------

Right-click MY COMPUTER, then click Properties.

Advised what's listed in the *Computer:* section in the "General" tab - exactly as you see it there.

---------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Changed % settings, ran %temp% and c:\windows\temp & deleted files (except for one).

MY COMPUTER > Properties > Hardware > Device Manager

NVIDIA GeForce4 MX420

MY COMPUTER > Properties 

Computer section in the "General" tab:

Computer:
Intel(R)
Pentium(R) 4 CPU 2.00 Ghz
1.99 GHz 768MB of RAM


----------



## flavallee (May 12, 2002)

The processor is running at its full rated speed of 2.00 GHz, so that's good. :up:

That Dell Dimension 4500 has 768 MB of RAM, so I'm guessing that it has a 256 MB module in one slot and a 512 MB module in the other slot.

It supports up to 1024 MB of RAM, so you might consider replacing the 256 MB module with another 512 MB module in the future.

Adding more RAM is the most cost-effective performance boost that you can give it.

--------------------------------------------

Double-click the *NVIDIA GeForce4 MX420* entry to open its properties window.

Click the "Driver" tab.

Advise what the driver provider, driver date, and driver version is.

--------------------------------------------

Just for your information:

The purpose of having you change the recycle bin and system restore settings and delete the buildup of temp files was to reclaim more free space in the hard drive.

According to your DDS log, the hard drive has a capacity of 75 GB, but only had 19.6 GB of free space.

There's no need for the recycle bin and system restore to reserve so much hard drive space for their use. 3% is plenty.

Besides reclaiming more free space by deleting the buildup of temp files, retaining a large number of them can cause various issues.

--------------------------------------------


----------



## flavallee (May 12, 2002)

The most current driver for Windows XP for the NVIDIA GeForce4 MX420 appears to be *6.14.10.9371* and was released on November 2, 2006.

If you determine that you have an older version, download and save this version, then close all open windows first, then install it, then restart the computer.

See if updating the graphics driver resolves your monitor issues.

-------------------------------------------------------------

Do you have another monitor to connect to that desktop to see if it displays the same way?

What needs to be determined is if the monitor is the problem or if the desktop is the problem.

-------------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Having a problem with your last request:

"Double-click the NVIDIA GeForce4 MX420 entry to open its properties window.

Click the "Driver" tab.

Advise what the driver provider, driver date, and driver version is."

Sorry, you lost me on that one. I must be missing something . . . Where do I find the NVIDIA GeForce4 MX420 entry?


----------



## flavallee (May 12, 2002)

Re-read the next to the last section in post #13.

That's how you came up with that device description in the Device Manager.

----------------------------------------------------------------

I'm getting ready to shut down for the day.

I'll check back with you in the morning.

---------------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Something has gone askew here. My monitor has been performing perfectly for several months since it was purchased as a new OEM device. I have no other monitor to connect.

What I sense is that a virus has crept into my system most likely in conjunction with some recent download. Why would a monitor that had been performing perfectly for several months with whatever driver it was using suddenly become messed up at exactly the same time as I detected the appearance of Searchnu.com/406 and the inability to restore my system to a previous date and why wouldn't that failure make itself evident on every screen I bring up?

Also, why on earth would my monitor display incorrectly on just the startup desktop and not here,too? We seem to be developing a communication problem here.

My computer was running ok with 256MB of memory. I purchased some new hardware which required 512MB so I bought a 512MB card and installed it next to the old 256.


Don


----------



## dgp1939 (Oct 9, 2003)

Current Driver 

NVIDIA
10/6/2003
5.2.1.6

Will download newer version as suggested.


----------



## dgp1939 (Oct 9, 2003)

Downloaded the file. Upon attempting to install got a window:

"The following file is already on your computer:

C:\NVIDIA\WIN2KXP\93.71\Advanced.tv_ 

With a bunch of option buttons beneath. I did not finish the install.


----------



## flavallee (May 12, 2002)

It's obvious that you're getting frustrated with me and with my failure to resolve the display issue, so I'm going to bow out and request a gold/blue shield removal specialist jump in to assist you.

Read the topmost "sticky" in this section and submit new logs because the original ones are no longer valid.

-----------------------------------------------------------


----------



## flavallee (May 12, 2002)

dgp1939 said:


> Downloaded the file. Upon attempting to install got a window:
> 
> "The following file is already on your computer:
> 
> ...


Double-clicking the *setup.exe* file that's inside the *C:\NVIDIA\WIN2KXP\93.71* folder will start the install process.

-----------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Not frustrated at all! Just thought your workload might be a bit heavy and that I might be frustrating YOU! 

Don't go away yet, this may still work.

(Same thing I said to my wife this morning)


----------



## dgp1939 (Oct 9, 2003)

Ran Setup.exe and rebooted. Nothing seems to have changed. FYI my new monitor is a Dell 1n1910N flat screen and was purchased new just a few months ago. I had (back then) changed the screen resolution to accommodate the wider screen.


----------



## flavallee (May 12, 2002)

From what I can determine, the native resolution for the *Dell 1N1910N* 18.5" wide-screen LCD monitor is 1366 X 768.

LCD monitors display best at their native resolution.

-----------------------------------------------------------

Is the "Driver" tab for the NVIDIA GeForce4 MX420 showing the new driver date and driver version?

------------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Driver tab shows:

NVIDIA
10/22/2006
6.14.10.9371

Screen resolution set to 1360 X 768 at time of purchase.


----------



## flavallee (May 12, 2002)

dgp1939 said:


> Driver tab shows:
> 
> NVIDIA
> 10/22/2006
> ...


 :up:

---------------------------------------------------------

Have you tried turning off the monitor, then waiting for a minute, then turning it back on?

---------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

I leave the tower powered up 24/7. When away from the computer, the monitor is always turned off. This can occur many times during a typical day.

I don't believe the problem I'm having deals in any way with the monitor, but I know that it needs to be eliminated as the culprit.

I know that at the time the critter bit me, I was using Google Chrome. 

I also have Opera and IE. Opera does not seem to be affected and I rarely open IE because I just don't like it.


----------



## flavallee (May 12, 2002)

I never leave my computer on 24/7, nor allow it to go into hibernate/sleep mode.

Unless I plan to return to it in a short time, I turn it off completely.

Turning it off automatically turns off the monitor.

Turning it back on automatically turns on the monitor.

I never touch the monitor on/off switch.

I'm strictly a Windows Internet Explorer user, and on occasion use Mozilla Firefox.

I've never used Google Chrome or Opera or any of the others. 

-------------------------------------------------------------

I'm not there, so it's difficult for me to determine why you're having monitor issues.

If you still believe it's infection-related, submit new logs.

I'll then request a gold/blue shield removal specialist jump in to assist you.

-------------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

Thank you for trying.


----------



## flavallee (May 12, 2002)

You're welcome.

Submit the new logs, then let's see if a removal specialist can assist you.

-----------------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

The new post shows up about 3 down from the old one.

Thanks again


----------



## dvk01 (Dec 14, 2002)

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*​* Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.  *

Download ComboFix from *Here* or * Here*to your Desktop.
*As you download it rename it to username123.exe*

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall*_* before* _performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results" or stop combofix running at all_
Click on *THIS LINK * to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re enable the protection again after combofix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running 
Double click on *renamed combofix.exe* & follow the prompts.​If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt" * for further review

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read  HERE  why we disable autoruns

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. *

Please tell us if it has cured the problems or if there are any outstanding issues


----------



## dgp1939 (Oct 9, 2003)

Ran scan as suggested. Upon completion and after automatic reboot, the condition still exists. Of course, it was not expected that salvation would occur at first blush.

Logfile:

ComboFix 12-06-01.03 - Don 06/01/2012 15:37:32.4.1 - x86
Running from: c:\documents and settings\Don\My Documents\Downloads\username123.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\e103ddd6.exe
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\tmp12E.tmp
c:\windows\system32\tmp12F.tmp
c:\windows\system32\tmp130.tmp
c:\windows\system32\tmp131.tmp
c:\windows\system32\tmp1E85.tmp
c:\windows\system32\tmp1E86.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 11:56 . 2003-11-10 22:10	32768	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-06-01 07:15 . 2012-06-01 07:15	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2012-05-31 16:04 . 2012-05-31 16:04	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Sun
2012-05-31 15:58 . 2012-05-31 15:58	--------	d-----w-	c:\program files\Common Files\Java
2012-05-31 15:57 . 2012-05-31 15:57	--------	d-----w-	c:\program files\Oracle
2012-05-31 15:57 . 2012-05-31 15:57	--------	d-----w-	c:\documents and settings\Don\Application Data\Oracle
2012-05-31 15:20 . 2012-06-01 19:25	56200	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D87E22D0-5EB6-4770-93D4-5A27F119A0E5}\offreg.dll
2012-05-31 15:03 . 2012-05-08 13:40	6737808	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D87E22D0-5EB6-4770-93D4-5A27F119A0E5}\mpengine.dll
2012-05-31 14:57 . 2012-05-31 14:58	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-31 14:48 . 2012-04-04 22:47	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-05-30 15:54 . 2012-05-30 15:54	--------	d-----w-	c:\documents and settings\Don\Application Data\SUPERAntiSpyware.com
2012-05-30 15:54 . 2012-05-30 15:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-30 15:04 . 2012-05-30 15:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-30 15:04 . 2012-04-04 19:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-30 14:00 . 2012-05-30 14:00	--------	d-----w-	c:\documents and settings\Don\Application Data\vShare
2012-05-26 12:03 . 2012-05-26 12:03	--------	d-----w-	c:\documents and settings\Don\AppData
2012-05-26 12:03 . 2012-05-26 12:03	--------	d-----w-	c:\documents and settings\Don\Application Data\searchquband
2012-05-24 10:58 . 2012-06-01 11:23	--------	d-----w-	C:\Juststuff9
2012-05-22 19:53 . 2012-05-27 11:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\boost_interprocess
2012-05-22 19:53 . 2012-05-22 19:53	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Ilivid Player
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-22 19:34 . 2012-05-22 19:35	--------	d-----w-	c:\program files\QuickTime
2012-05-22 19:28 . 2012-05-22 19:28	--------	d-----w-	c:\program files\Common Files\Apple
2012-05-22 19:27 . 2012-05-22 19:27	--------	d-----w-	c:\program files\Apple Software Update
2012-05-22 17:23 . 2012-05-22 17:23	249856	------w-	c:\windows\Setup1.exe
2012-05-22 17:23 . 2012-05-22 17:23	73216	----a-w-	c:\windows\ST6UNST.EXE
2012-05-19 13:25 . 2012-05-19 13:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVS4YOU
2012-05-19 13:25 . 2012-05-19 13:25	--------	d-----w-	c:\documents and settings\Don\Application Data\AVS4YOU
2012-05-19 13:21 . 2012-05-19 13:46	--------	d-----w-	c:\program files\Common Files\AVSMedia
2012-05-19 13:17 . 2012-05-19 13:46	--------	d-----w-	c:\program files\AVS4YOU
2012-05-18 17:33 . 2012-05-18 17:33	50	----a-w-	C:\user.js
2012-05-18 16:59 . 2012-05-19 11:56	--------	d-----w-	c:\program files\blekkotb_soc
2012-05-16 19:36 . 2012-05-16 19:36	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Babylon
2012-05-16 19:36 . 2012-05-16 19:36	--------	d-----w-	c:\documents and settings\All Users\Application Data\Babylon
2012-05-16 19:36 . 2012-05-16 19:36	--------	d-----w-	c:\documents and settings\Don\Application Data\Babylon
2012-05-16 19:11 . 2012-06-01 13:31	--------	d-----w-	c:\program files\DreamScene XP
2012-05-15 20:33 . 2012-05-20 18:38	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\RcIncidents
2012-05-15 19:07 . 2012-05-15 19:07	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Wondershare
2012-05-15 19:07 . 2012-05-15 19:07	--------	d-----w-	c:\program files\Common Files\Wondershare
2012-05-15 19:07 . 2012-05-15 19:07	--------	d-----w-	c:\documents and settings\Don\Application Data\Wondershare
2012-05-15 19:07 . 2012-05-15 19:07	--------	d-----w-	c:\program files\Wondershare
2012-05-15 18:14 . 2012-05-15 18:14	--------	d-----w-	c:\documents and settings\Don\Application Data\blekkotb_019
2012-05-15 12:39 . 2012-05-15 12:39	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2012-05-14 16:11 . 2012-05-14 16:11	--------	d-----w-	c:\program files\Image Icon Converter
2012-05-14 16:10 . 2012-05-28 12:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-14 13:11 . 2004-01-09 14:54	188416	----a-w-	c:\windows\system32\actsplash.ocx
2012-05-14 13:11 . 2007-06-11 15:04	2267368	----a-w-	c:\windows\system32\Flash9d.ocx
2012-05-14 13:11 . 2004-02-06 01:53	389120	----a-w-	c:\windows\system32\actskn43.ocx
2012-05-14 13:11 . 2012-05-14 13:11	--------	d-----w-	c:\program files\AudioShareware.com
2012-05-14 12:44 . 2012-05-19 11:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\blekko toolbars
2012-05-14 12:43 . 2012-05-14 12:43	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc
2012-05-14 12:43 . 2012-05-14 12:43	--------	d-----w-	c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-05-09 12:16 . 2012-05-27 22:09	--------	d-----w-	c:\program files\Microsoft
2012-05-09 12:00 . 2012-05-09 12:00	--------	d-----w-	c:\program files\Common Files\Windows Live
2012-05-08 16:50 . 2012-05-08 16:50	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Logitech® Webcam Software
2012-05-08 16:43 . 2012-05-08 16:43	53248	----a-r-	c:\documents and settings\Don\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-08 16:37 . 2012-05-08 16:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\Logitech
2012-05-08 16:37 . 2012-05-08 16:37	--------	d-----w-	c:\program files\Common Files\LWS
2012-05-08 16:35 . 2012-05-08 16:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\LogiShrd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:16 . 2012-04-19 11:23	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:16 . 2012-02-22 17:09	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:56 . 2012-04-19 00:56	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-04-11 22:05 . 2001-08-18 12:00	2069120	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:12 . 2001-08-18 12:00	1862272	----a-w-	c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2001-08-18 12:00	2192640	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-04 22:47 . 2012-05-31 14:48	772504	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-04-04 22:47 . 2010-09-07 12:20	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-21 00:44 . 2012-03-21 00:44	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-03-15 21:02 . 2009-12-27 16:48	2377696	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-05-07 16:10 . 2010-05-07 16:10	4007544	----a-w-	c:\program files\pdf-to-word-converter.exe
2010-02-27 21:18 . 2010-02-27 21:18	0	----a-w-	c:\program files\Silverlight.exe
2009-12-28 19:21 . 2009-12-28 19:21	2728440	----a-w-	c:\program files\vcsetup.exe
2009-12-27 15:08 . 2009-12-27 15:09	4621632	----a-w-	c:\program files\vs_proweb.exe
2008-08-31 12:53 . 2008-08-06 21:27	3520552	----a-w-	c:\program files\procexp.exe
2008-04-05 15:19 . 2008-04-05 15:18	7036642	----a-w-	c:\program files\AID_Personal_Setup.exe
2008-04-05 14:57 . 2008-04-05 14:56	5660000	----a-w-	c:\program files\labelm.exe
2008-04-02 20:11 . 2008-04-02 20:11	7042688	----a-w-	c:\program files\AID_Enterprise_Setup.exe
2008-04-02 16:07 . 2008-04-02 16:14	23510720	----a-w-	c:\program files\DotNetfx.exe
2008-04-02 16:01 . 2008-04-02 16:01	22646046	----a-w-	c:\program files\easycardcreator_free_setup.exe
2005-08-23 14:22 . 2005-08-26 15:33	10488666	-c--a-w-	c:\program files\dwizen.exe
2005-07-15 17:23 . 2005-07-15 17:23	334	-c--a-w-	c:\program files\layout.bin
2003-03-26 13:52 . 2005-08-26 15:33	1150945	-c--a-w-	c:\program files\svinstall_s_libs.exe
2003-03-14 16:59 . 2005-08-26 15:33	266843	----a-w-	c:\program files\nistime-32bit.exe
2003-03-14 16:45 . 2005-08-26 15:33	1771688	-c--a-w-	c:\program files\atc28.exe
2003-03-14 16:31 . 2005-08-26 15:33	646610	-c--a-w-	c:\program files\ats20b1.exe
2001-05-11 15:39 . 2005-08-26 15:33	53248	----a-w-	c:\program files\ACMonitor_X73.exe
1997-06-02 16:17 . 1997-06-02 16:17	8192	----a-w-	c:\program files\_ISDEL.EXE
1997-06-02 16:17 . 1997-06-02 16:17	11264	----a-w-	c:\program files\_SETUP.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-01-29 320168]
"PhotoExplosionCalCheck"="c:\program files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
.
c:\documents and settings\Don\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll schannel.dll digest.dll msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 16:22	7700480	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 16:22	86016	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 16:22	1622016	----a-w-	c:\windows\system32\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnamon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/30/2012 11:04 AM 654408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [1/18/2012 2:44 AM 450848]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [11/9/2010 10:46 PM 22176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/30/2012 11:04 AM 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 3:49 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [9/8/2010 11:33 AM 98984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/3/2012 8:31 AM 158856]
S2 wowsystemcode;Remote TCP/IPv6;c:\windows\System32\svchost.exe -k netsvcs [8/18/2001 8:00 AM 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/19/2012 7:23 AM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 3:49 PM 135664]
S3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/18/2001 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 11:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 4:09 AM 239336]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 4:23 AM 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 10:16]
.
2012-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-09 10:50]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:48]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:48]
.
2012-06-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchnu.com/406
uInternet Connection Wizard,ShellNext = hxxp://www.broderbund.com/jump.jsp?itemID=442&itemType=CATEGORY
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-e103ddd6 - c:\windows\system32\e103ddd6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-01 15:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(592)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3516)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\dfshim.dll
c:\program files\Microsoft Money\System\mnyviewer.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\devldr32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-06-01 16:16:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 20:16
ComboFix2.txt 2011-10-31 13:00
.
Pre-Run: 25,870,053,376 bytes free
Post-Run: 25,607,479,296 bytes free
.
- - End Of File - - F94B8C4FA6EB7A74CEB4E7E60B99E6CC


----------



## dvk01 (Dec 14, 2002)

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press *SAVE * and choose desktop in the list of selections in that window & press save)

*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished *

Close any open browsers 
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply .

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum *


----------



## flavallee (May 12, 2002)

I'll leave you with *dvk01* from here on. Good luck. :up:

----------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

ComboFix 12-06-02.02 - Don 06/02/2012 9:00.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.375 [GMT -4:00]
Running from: c:\documents and settings\Don\My Documents\Downloads\username123.exe.exe
Command switches used :: c:\documents and settings\Don\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Babylon
c:\documents and settings\All Users\Application Data\blekko toolbars
c:\documents and settings\All Users\Application Data\boost_interprocess
c:\documents and settings\All Users\Application Data\boost_interprocess\170BB99FFD3BCD01\{1832B446-3F6D-4880-99C1-0B3B26170D94}
c:\documents and settings\Don\Application Data\Babylon
c:\documents and settings\Don\Application Data\Babylon\log_file.txt
c:\documents and settings\Don\Application Data\blekkotb_019
c:\documents and settings\Don\Application Data\searchquband
c:\documents and settings\Don\Application Data\vShare
c:\documents and settings\Don\Application Data\vShare\toolbar_log.txt
c:\documents and settings\Don\Local Settings\Application Data\Babylon
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\bab033.tbinst.dat
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\bab091.norecovericon.dat
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\Babylon.dat
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\BExternal.dll
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\Chrome_tb.zpb
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\blueStar.png
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\eula.html
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\globe.png
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\options.js
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page0.html
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.css
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.html
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page3.css
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page3.html
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\pBar.gif
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\progress.png
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\setup.js
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\title.png
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\IECookieLow.dll
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\Setup-latest-30b.zpb
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\Setup-tbmntr903.zpb
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\Setup.exe
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\SetupStrings.dat
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\sign
c:\documents and settings\Don\Local Settings\Application Data\Babylon\Setup\sqlite3.dll
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\catalog.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529153111-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529153111-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529153538-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529153538-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529160159-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529160159-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529170310-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529170310-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529170739-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529170739-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529173331-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529173331-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529180401-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529180401-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529180850-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529180850-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529183449-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529183449-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529183930-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529183930-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529190527-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529190527-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529194042-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529194042-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529200637-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529200637-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529204103-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529204103-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529210700-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529210700-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529211145-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529211145-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529213735-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529213735-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529223752-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529223752-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529224007-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529224007-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529224216-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529224216-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529230809-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529230809-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529233816-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120529233816-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530000825-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530000825-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530003850-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530003850-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530004317-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530004317-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530011000-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530011000-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530011318-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530011318-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530014011-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530014011-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530014330-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530014330-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530021031-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530021031-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530024036-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530024036-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530024354-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530024354-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530031118-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530031118-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530031438-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530031438-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530034133-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530034133-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530041150-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530041150-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530041509-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530041509-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530044203-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530044203-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530051217-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530051217-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530051535-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530051535-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530054318-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530054318-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530061331-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530061331-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530061649-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530061649-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530064407-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530064407-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530064726-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530064726-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530071507-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530071507-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530081552-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530081552-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530084601-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530084601-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530084941-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530084941-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530091646-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530091646-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530092006-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530092006-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530094745-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530094745-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530095105-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530095105-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530101816-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530101816-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530102137-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530102137-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530111934-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530111934-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530112253-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530112253-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530114010-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530114010-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530114949-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530114949-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530122031-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530122031-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530125056-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530125056-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530132139-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530132139-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530135544-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530135544-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530142159-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530142159-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530145215-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530145215-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530152709-f.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530155320-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530155320-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530155745-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530155745-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530162022-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530162022-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530162342-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530162342-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530162807-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530162807-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530172441-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530172441-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530175531-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530175531-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530175957-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530175957-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530185636-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530185636-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530190103-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530190103-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530192734-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530192734-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530202836-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530202836-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530203302-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530203302-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530205909-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530205909-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530212949-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530212949-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530213419-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530213419-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530220032-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530220032-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530222031-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530222031-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530223132-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530223132-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530223557-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530223557-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530233246-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530233246-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530233712-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120530233712-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531000324-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531000324-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531003426-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531003426-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531010916-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531010916-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531013601-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531013601-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531013922-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531013922-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531020639-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531020639-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531024043-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531024043-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531030757-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531030757-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531033840-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531033840-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531040908-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531040908-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531041231-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531041231-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531044018-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531044018-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531050940-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531050940-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531051407-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531051407-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531054046-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531054046-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531054511-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531054511-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531061122-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531061122-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531064136-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531064136-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531064707-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531064707-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531071218-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531071218-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531074318-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531074318-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531074850-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531074850-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531080148-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531080148-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531081340-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531081340-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531081905-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531081905-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531084403-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531084403-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531084930-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531084930-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531091416-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531091416-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531094429-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531094429-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531101515-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531101515-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531102039-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531102039-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531104611-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531104611-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531111634-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531111634-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531112156-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531112156-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531121806-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531121806-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531124029-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531124029-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531124859-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531124859-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531135002-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531135002-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531135524-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531135524-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531142014-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531142014-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531145617-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531145617-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531162208-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531162208-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531162729-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531162729-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531172354-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531172354-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531172838-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531172838-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531182058-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531182058-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531182512-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531182512-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531183038-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531183038-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531190138-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531190138-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531192611-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531192611-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531200329-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531200329-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531202316-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531202316-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531212450-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531212450-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531215529-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531215529-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531222625-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531222625-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531232801-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120531232801-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601002934-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601002934-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601013039-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601013039-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601020126-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601020126-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601030257-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601030257-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601040428-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601040428-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601042024-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601042024-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601043524-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601043524-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601044047-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601044047-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601050608-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601050608-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601053701-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601053701-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601060741-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601060741-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601064040-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601064040-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601070913-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601070913-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601080111-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601080111-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601081044-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601081044-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601082018-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601082018-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601091209-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601091209-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601094300-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601094300-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601101338-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601101338-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601111512-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601111512-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601121640-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601121640-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601131809-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601131809-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601134901-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601134901-m.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601141944-l.list
c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc\data\120601141944-m.list
c:\program files\blekkotb_soc
c:\program files\blekkotb_soc\chrome\content\sourceid.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WOWSYSTEMCODE
-------\Service_wowsystemcode
.
.
((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))
.
.
2012-06-02 13:21 . 2012-06-02 13:21	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\blekkotb_soc
2012-06-01 20:24 . 2012-05-08 13:40	6737808	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{708F5C45-B405-4742-A66F-8A413BFE9A79}\mpengine.dll
2012-06-01 11:56 . 2003-11-10 22:10	32768	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-06-01 07:15 . 2012-06-01 07:15	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2012-05-31 16:04 . 2012-05-31 16:04	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Sun
2012-05-31 15:58 . 2012-05-31 15:58	--------	d-----w-	c:\program files\Common Files\Java
2012-05-31 15:57 . 2012-05-31 15:57	--------	d-----w-	c:\program files\Oracle
2012-05-31 15:57 . 2012-05-31 15:57	--------	d-----w-	c:\documents and settings\Don\Application Data\Oracle
2012-05-31 15:03 . 2012-05-08 13:40	6737808	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-31 15:03 . 2012-01-31 12:44	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-31 14:57 . 2012-05-31 14:58	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-31 14:48 . 2012-04-04 22:47	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-05-31 14:48 . 2012-04-04 22:47	772504	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-05-30 15:54 . 2012-05-30 15:54	--------	d-----w-	c:\documents and settings\Don\Application Data\SUPERAntiSpyware.com
2012-05-30 15:54 . 2012-05-30 15:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-30 15:04 . 2012-05-30 15:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-30 15:04 . 2012-04-04 19:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-26 12:03 . 2012-05-26 12:03	--------	d-----w-	c:\documents and settings\Don\AppData
2012-05-24 10:58 . 2012-06-02 11:10	--------	d-----w-	C:\Juststuff9
2012-05-22 19:53 . 2012-05-22 19:53	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Ilivid Player
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-22 19:35 . 2012-05-22 19:35	159744	----a-w-	c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-22 19:34 . 2012-05-22 19:35	--------	d-----w-	c:\program files\QuickTime
2012-05-22 19:28 . 2012-05-22 19:28	--------	d-----w-	c:\program files\Common Files\Apple
2012-05-22 19:27 . 2012-05-22 19:27	--------	d-----w-	c:\program files\Apple Software Update
2012-05-22 17:23 . 2012-05-22 17:23	249856	------w-	c:\windows\Setup1.exe
2012-05-22 17:23 . 2012-05-22 17:23	73216	----a-w-	c:\windows\ST6UNST.EXE
2012-05-19 13:25 . 2012-05-19 13:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVS4YOU
2012-05-19 13:25 . 2012-05-19 13:25	--------	d-----w-	c:\documents and settings\Don\Application Data\AVS4YOU
2012-05-19 13:21 . 2012-05-19 13:46	--------	d-----w-	c:\program files\Common Files\AVSMedia
2012-05-19 13:21 . 2012-01-11 17:05	11139944	----a-w-	c:\windows\system32\libmfxsw32.dll
2012-05-19 13:21 . 2010-11-13 00:18	24576	----a-w-	c:\windows\system32\msxml3a.dll
2012-05-19 13:17 . 2012-05-19 13:46	--------	d-----w-	c:\program files\AVS4YOU
2012-05-18 17:33 . 2012-05-18 17:33	50	----a-w-	C:\user.js
2012-05-16 19:11 . 2012-06-01 13:31	--------	d-----w-	c:\program files\DreamScene XP
2012-05-15 20:33 . 2012-05-20 18:38	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\RcIncidents
2012-05-15 19:07 . 2012-05-15 19:07	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Wondershare
2012-05-15 19:07 . 2012-05-15 19:07	--------	d-----w-	c:\program files\Common Files\Wondershare
2012-05-15 19:07 . 2012-05-15 19:07	--------	d-----w-	c:\documents and settings\Don\Application Data\Wondershare
2012-05-15 19:07 . 2012-05-15 19:07	--------	d-----w-	c:\program files\Wondershare
2012-05-15 12:39 . 2012-05-15 12:39	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2012-05-14 16:11 . 2012-05-14 16:11	--------	d-----w-	c:\program files\Image Icon Converter
2012-05-14 16:10 . 2012-05-28 12:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-14 13:11 . 2004-01-09 14:54	188416	----a-w-	c:\windows\system32\actsplash.ocx
2012-05-14 13:11 . 2000-07-15 10:00	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2012-05-14 13:11 . 2007-06-11 15:04	2267368	----a-w-	c:\windows\system32\Flash9d.ocx
2012-05-14 13:11 . 2006-06-20 16:30	741376	----a-w-	c:\windows\system32\SkinCrafter.dll
2012-05-14 13:11 . 2004-02-06 01:53	389120	----a-w-	c:\windows\system32\actskn43.ocx
2012-05-14 13:11 . 1998-06-24 12:00	82744	----a-w-	c:\windows\system32\PICCLP32.OCX
2012-05-14 13:11 . 2012-05-14 13:11	--------	d-----w-	c:\program files\AudioShareware.com
2012-05-14 12:43 . 2012-05-14 12:43	--------	d-----w-	c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-05-09 12:16 . 2012-05-27 22:09	--------	d-----w-	c:\program files\Microsoft
2012-05-09 12:00 . 2012-05-09 12:00	--------	d-----w-	c:\program files\Common Files\Windows Live
2012-05-08 16:50 . 2012-05-08 16:50	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Logitech® Webcam Software
2012-05-08 16:43 . 2012-05-08 16:43	53248	----a-r-	c:\documents and settings\Don\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-08 16:37 . 2012-05-08 16:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\Logitech
2012-05-08 16:37 . 2012-05-08 16:37	--------	d-----w-	c:\program files\Common Files\LWS
2012-05-08 16:35 . 2012-05-08 16:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\LogiShrd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:16 . 2012-04-19 11:23	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:16 . 2012-02-22 17:09	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:56 . 2012-04-19 00:56	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-04-11 22:05 . 2001-08-18 12:00	2069120	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:12 . 2001-08-18 12:00	1862272	----a-w-	c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2001-08-18 12:00	2192640	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-04 22:47 . 2010-09-07 12:20	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-21 00:44 . 2012-03-21 00:44	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-03-15 21:02 . 2009-12-27 16:48	2377696	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-05-07 16:10 . 2010-05-07 16:10	4007544	----a-w-	c:\program files\pdf-to-word-converter.exe
2010-02-27 21:18 . 2010-02-27 21:18	0	----a-w-	c:\program files\Silverlight.exe
2009-12-28 19:21 . 2009-12-28 19:21	2728440	----a-w-	c:\program files\vcsetup.exe
2009-12-27 15:08 . 2009-12-27 15:09	4621632	----a-w-	c:\program files\vs_proweb.exe
2008-08-31 12:53 . 2008-08-06 21:27	3520552	----a-w-	c:\program files\procexp.exe
2008-04-05 15:19 . 2008-04-05 15:18	7036642	----a-w-	c:\program files\AID_Personal_Setup.exe
2008-04-05 14:57 . 2008-04-05 14:56	5660000	----a-w-	c:\program files\labelm.exe
2008-04-02 20:11 . 2008-04-02 20:11	7042688	----a-w-	c:\program files\AID_Enterprise_Setup.exe
2008-04-02 16:07 . 2008-04-02 16:14	23510720	----a-w-	c:\program files\DotNetfx.exe
2008-04-02 16:01 . 2008-04-02 16:01	22646046	----a-w-	c:\program files\easycardcreator_free_setup.exe
2005-08-23 14:22 . 2005-08-26 15:33	10488666	-c--a-w-	c:\program files\dwizen.exe
2005-07-15 17:23 . 2005-07-15 17:23	334	-c--a-w-	c:\program files\layout.bin
2003-03-26 13:52 . 2005-08-26 15:33	1150945	-c--a-w-	c:\program files\svinstall_s_libs.exe
2003-03-14 16:59 . 2005-08-26 15:33	266843	----a-w-	c:\program files\nistime-32bit.exe
2003-03-14 16:45 . 2005-08-26 15:33	1771688	-c--a-w-	c:\program files\atc28.exe
2003-03-14 16:31 . 2005-08-26 15:33	646610	-c--a-w-	c:\program files\ats20b1.exe
2001-05-11 15:39 . 2005-08-26 15:33	53248	----a-w-	c:\program files\ACMonitor_X73.exe
1997-06-02 16:17 . 1997-06-02 16:17	8192	----a-w-	c:\program files\_ISDEL.EXE
1997-06-02 16:17 . 1997-06-02 16:17	11264	----a-w-	c:\program files\_SETUP.DLL
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Don\AppData ----
.
2012-05-26 12:03 . 2012-05-27 20:55	5246	----a-w-	c:\documents and settings\Don\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}
.
.
((((((((((((((((((((((((((((( [email protected]_19.58.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-02 13:20 . 2012-06-02 13:20	16384 c:\windows\Temp\Perflib_Perfdata_310.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-01-29 320168]
"PhotoExplosionCalCheck"="c:\program files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
.
c:\documents and settings\Don\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll schannel.dll digest.dll msnsspc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 16:22	7700480	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 16:22	86016	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 16:22	1622016	----a-w-	c:\windows\system32\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnamon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/30/2012 11:04 AM 654408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [1/18/2012 2:44 AM 450848]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [11/9/2010 10:46 PM 22176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/30/2012 11:04 AM 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 3:49 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [9/8/2010 11:33 AM 98984]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/3/2012 8:31 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/19/2012 7:23 AM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 3:49 PM 135664]
S3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/18/2001 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 11:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 4:09 AM 239336]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 4:23 AM 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 10:16]
.
2012-06-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-09 10:50]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:48]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 19:48]
.
2012-06-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.broderbund.com/jump.jsp?itemID=442&itemType=CATEGORY
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-02 09:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(592)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3676)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dfshim.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\devldr32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-06-02 09:32:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-02 13:32
ComboFix2.txt 2012-06-01 20:17
ComboFix3.txt 2011-10-31 13:00
.
Pre-Run: 26,211,278,848 bytes free
Post-Run: 26,152,759,296 bytes free
.
- - End Of File - - A67E64AF729B6950AA86C82084A67F2E


----------



## dgp1939 (Oct 9, 2003)

Thank you, Flavallee. Almost had your screen name figured out until I saw that it had two ells. Thought you were a Florida transplant from Virginia named Lee. I am also a transplant (as of ten years ago).


----------



## dvk01 (Dec 14, 2002)

What problems are you still having


----------



## dgp1939 (Oct 9, 2003)

The same problems as described in my original complaint are still present. 

The ones I can readily determine to be problematic are: 

My XP startup screen has been changed to a big white overlapping square (see attached screenshot). Attempts to use Start > Control Panel > Display to change it fail. I had set my wallpaper to "Centered" with a black background. The icons are some that I had devised myself because I wanted to get rid of the apparent clutter of the original icons.

Attempts to restore system to an earlier date fail.

Google Chrome starts with an extra tab that has the address "Searchnu.com/406. (can provide screenshot)

When a restart is done, A Microsoft window shows up with a file folder marked Search Enhancement Pack. I close the window completely each time. (can provide screenshot).


----------



## dvk01 (Dec 14, 2002)

I can't fix the chrome problem
I have absolutely no idea where chrome keeps its settings and none of the malware tools will look at chrome settings 
post new dds logs please including a new attach txt


----------



## dgp1939 (Oct 9, 2003)

Since this thing crept in while Chrome was running, do you feel it may prove something if I were to remove Chrome and see what happens? Although I have a ton of bookmarks there, I can save them in a word processing file and put them back when I download Chrome again. Also, I hate Internet Explorer. When it gets accessed from within an email or when clicking on a Mailto link, it takes forever to get on screen.

Will post dds and Attach stuff next trip/


----------



## dgp1939 (Oct 9, 2003)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Don at 12:30:12 on 2012-06-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.271 [GMT -4:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
svchost.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.broderbund.com/jump.jsp?itemID=442&itemType=CATEGORY
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [PhotoExplosionCalCheck] c:\program files\nova development\photo explosion 3.0 se\calcheck.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\don\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microsoft works calendar reminders.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
uPolicies-explorer: <NO NAME> = 
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://24.227.115.174:65432/VatDec.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://24.227.115.174/cab/msrdp.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{17DD6C05-FB54-49C7-9F98-5DE86E2323CE} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-30 654408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-11-9 22176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-30 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2010-9-8 98984]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-18 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-06-02 13:33:16	6737808	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b1dff18-cb6a-4802-a6df-40f4f862645d}\mpengine.dll
2012-06-02 13:21:42	--------	d-----w-	c:\documents and settings\don\local settings\application data\blekkotb_soc
2012-06-01 19:33:27	98816	----a-w-	c:\windows\sed.exe
2012-06-01 19:33:27	518144	----a-w-	c:\windows\SWREG.exe
2012-06-01 19:33:27	256000	----a-w-	c:\windows\PEV.exe
2012-06-01 19:33:27	208896	----a-w-	c:\windows\MBR.exe
2012-06-01 11:56:31	32768	----a-w-	c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-06-01 07:15:35	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2012-05-31 16:04:13	--------	d-----w-	c:\documents and settings\don\local settings\application data\Sun
2012-05-31 15:57:26	--------	d-----w-	c:\program files\Oracle
2012-05-31 15:03:24	6737808	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-31 15:03:12	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-31 14:57:14	--------	d-----w-	c:\program files\Microsoft Security Client
2012-05-31 14:48:55	772504	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-05-31 14:48:55	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-05-30 15:54:40	--------	d-----w-	c:\documents and settings\don\application data\SUPERAntiSpyware.com
2012-05-30 15:54:03	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-30 15:04:28	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-30 15:04:28	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-26 12:03:37	--------	d-----w-	c:\documents and settings\don\AppData
2012-05-24 10:58:14	--------	d-----w-	C:\Juststuff9
2012-05-22 19:53:29	--------	d-----w-	c:\documents and settings\don\local settings\application data\Ilivid Player
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-22 19:35:33	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin.dll
2012-05-22 17:23:17	249856	------w-	c:\windows\Setup1.exe
2012-05-22 17:23:15	73216	----a-w-	c:\windows\ST6UNST.EXE
2012-05-19 13:25:29	--------	d-----w-	c:\documents and settings\all users\application data\AVS4YOU
2012-05-19 13:25:15	--------	d-----w-	c:\documents and settings\don\application data\AVS4YOU
2012-05-19 13:21:26	--------	d-----w-	c:\program files\common files\AVSMedia
2012-05-19 13:21:20	11139944	----a-w-	c:\windows\system32\libmfxsw32.dll
2012-05-19 13:21:19	24576	----a-w-	c:\windows\system32\msxml3a.dll
2012-05-19 13:17:55	--------	d-----w-	c:\program files\AVS4YOU
2012-05-16 19:11:16	--------	d-----w-	c:\program files\DreamScene XP
2012-05-15 20:33:12	--------	d-----w-	c:\documents and settings\don\local settings\application data\RcIncidents
2012-05-15 19:07:29	--------	d-----w-	c:\documents and settings\don\local settings\application data\Wondershare
2012-05-15 19:07:27	--------	d-----w-	c:\program files\common files\Wondershare
2012-05-15 19:07:13	--------	d-----w-	c:\documents and settings\don\application data\Wondershare
2012-05-15 19:07:07	--------	d-----w-	c:\program files\Wondershare
2012-05-14 16:11:25	--------	d-----w-	c:\program files\Image Icon Converter
2012-05-14 16:10:57	--------	d-----w-	c:\documents and settings\all users\application data\Tarma Installer
2012-05-14 13:11:42	188416	----a-w-	c:\windows\system32\actsplash.ocx
2012-05-14 13:11:42	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2012-05-14 13:11:41	82744	----a-w-	c:\windows\system32\PICCLP32.OCX
2012-05-14 13:11:41	741376	----a-w-	c:\windows\system32\SkinCrafter.dll
2012-05-14 13:11:41	389120	----a-w-	c:\windows\system32\actskn43.ocx
2012-05-14 13:11:41	2267368	----a-w-	c:\windows\system32\Flash9d.ocx
2012-05-14 13:11:40	--------	d-----w-	c:\program files\AudioShareware.com
2012-05-14 12:43:47	--------	d-----w-	c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-05-09 12:16:59	--------	d-----w-	c:\program files\Microsoft
2012-05-09 12:14:53	74520	----a-w-	c:\program files\common files\windows live\.cache\56e9ee6a1cd2ddd\DSETUP.dll
2012-05-09 12:14:53	484632	----a-w-	c:\program files\common files\windows live\.cache\56e9ee6a1cd2ddd\DXSETUP.exe
2012-05-09 12:14:53	1670936	----a-w-	c:\program files\common files\windows live\.cache\56e9ee6a1cd2ddd\dsetup32.dll
2012-05-09 12:14:45	1013800	----a-w-	c:\program files\common files\windows live\.cache\5284987a1cd2ddd\WindowsXP-KB954708-x86-ENU.exe
2012-05-09 12:00:43	--------	d-----w-	c:\program files\common files\Windows Live
2012-05-08 16:50:41	--------	d-----w-	c:\documents and settings\don\local settings\application data\Logitech® Webcam Software
2012-05-08 16:43:10	53248	----a-r-	c:\documents and settings\don\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-05-08 16:37:44	--------	d-----w-	c:\program files\common files\LWS
.
==================== Find3M ====================
.
2012-05-05 10:16:08	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-05 10:16:07	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:56:30	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30	69632	----a-w-	c:\windows\system32\QuickTime.qts
2012-04-11 22:05:54	2069120	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:12:06	1862272	----a-w-	c:\windows\system32\win32k.sys
2012-04-11 13:10:58	2192640	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-04 22:47:02	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-21 00:44:12	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2010-05-07 16:10:13	4007544	----a-w-	c:\program files\pdf-to-word-converter.exe
2010-02-27 21:18:31	0	----a-w-	c:\program files\Silverlight.exe
2009-12-28 19:21:28	2728440	----a-w-	c:\program files\vcsetup.exe
2009-12-27 15:08:40	4621632	----a-w-	c:\program files\vs_proweb.exe
2008-08-31 12:53:35	3520552	----a-w-	c:\program files\procexp.exe
2008-04-05 15:19:07	7036642	----a-w-	c:\program files\AID_Personal_Setup.exe
2008-04-05 14:57:13	5660000	----a-w-	c:\program files\labelm.exe
2008-04-02 20:11:42	7042688	----a-w-	c:\program files\AID_Enterprise_Setup.exe
2008-04-02 16:07:27	23510720	----a-w-	c:\program files\DotNetfx.exe
2008-04-02 16:01:57	22646046	----a-w-	c:\program files\easycardcreator_free_setup.exe
2005-08-23 14:22:20	10488666	-c--a-w-	c:\program files\dwizen.exe
2005-07-15 17:23:52	334	-c--a-w-	c:\program files\layout.bin
2003-03-26 13:52:43	1150945	-c--a-w-	c:\program files\svinstall_s_libs.exe
2003-03-14 16:59:43	266843	----a-w-	c:\program files\nistime-32bit.exe
2003-03-14 16:45:56	1771688	-c--a-w-	c:\program files\atc28.exe
2003-03-14 16:31:31	646610	-c--a-w-	c:\program files\ats20b1.exe
2001-05-11 15:39:16	53248	----a-w-	c:\program files\ACMonitor_X73.exe
1997-06-02 16:17:58	8192	----a-w-	c:\program files\_ISDEL.EXE
1997-06-02 16:17:40	11264	----a-w-	c:\program files\_SETUP.DLL
.
============= FINISH: 12:31:21.73 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2005 11:13:25 AM
System Uptime: 6/2/2012 9:20:03 AM (3 hours ago)
.
Motherboard: Intel Corporation | | D845EPT2 
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | X1 | 1993/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 24.396 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP823: 5/31/2012 11:56:19 AM - Installed Java(TM) 7 Update 4
RP824: 5/31/2012 11:57:24 AM - Installed JavaFX 2.1.0
RP825: 6/1/2012 3:00:30 AM - Software Distribution Service 3.0
RP826: 6/1/2012 4:12:36 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
505 Game Collection
ABBYY FineReader 6.0 Sprint
AC3Filter 1.63b
ACDSee for PENTAX
AceHTML Freeware
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe SVG Viewer 3.0
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Applian Director
Aquatica 3
ArcSoft Panorama Maker 5
ArcSoft Software Suite
ArcSoft VideoImpression 1.6
Bonjour
CameraHelperMsi
Cards_Calendar_OrderGift_DoMorePlugout
CDBurnerXP
CodeBlocks
Compatibility Pack for the 2007 Office system
Conduit Engine
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Convert FLV to MP3 1.0
Crystal Reports for Visual Studio
Dell Driver Download Manager
DesignPro 5
DiscWizard for Windows
DiskRedactor
Dotfuscator Software Services - Community Edition
DreamScene XP version 1.0
DTCLookup
Easy CD Creator 5 Basic
Easy Graphic Converter 3.0
Easy Icon Maker
Easycab v7.0
erLT
ExpressPCB
FaxTools
FinePixViewer Ver.3.2
FoxTab Video To MP3
FREE Equation Illustrator version 1.7.3.0
Free PDF to Word Converter 4.2.3.183
FUJIFILM USB Driver
Game Booster
GIMP 2.4.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photosmart Essential 2.5
HPPhotoSmartPhotobookWebPack1
HTML-Kit
HTML Slideshow Powertoy for Windows XP
Icon Maker 4.4.0.5
ICS Viewer 6.0
Image Icon Converter 1.3
ImageMixer VCD for FinePix
ImTOO Convert PowerPoint to Video Free
Inkscape 0.45.1
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) 7 Update 4
JavaFX 2.1.0
LameACM
Lexmark 2600 Series
Lexmark Fax Solutions
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Photo 2002
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Streets and Trips 2002
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Samples
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Microsoft Web Publishing Wizard 1.52
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6-9 Converter
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
MicroStaff WINASPI
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My DSC
NetObjects Fusion Essentials
NVIDIA Drivers
OpenOffice.org 3.4
Opera 11.64
Paint Shop Pro Shareware Version 3.12 - 32 Bit
Photo Explosion 3.0 Special Edition
Picasa 3
PrintMaster 16
PSSWCORE
Punch! Super Home Suite
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Serif DrawPlus 4.0
Serif PagePlus Starter Edition
Serif WebPlus 6.0
Shockwave
Skype Click to Call
Skype 5.9
Sound Blaster Live! Value
Sql Server Customer Experience Improvement Program
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VectorEye3
VideoToolkit01
Visual Similarity Duplicate Image Finder Demo 3.1.0.1
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.1
Vuze Remote Toolbar
Web Deployment Tool
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Service Pack 3
Wondershare PDF Converter (Build 3.1.1)
Works Suite OS Pack
Works Synchronization
XML Paper Specification Shared Components Pack 1.0
YouTube Downloader 2.7.4
.
==== Event Viewer Messages From Past Week ========
.
5/30/2012 9:59:47 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
5/30/2012 11:54:40 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
5/30/2012 10:01:54 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/28/2012 12:34:39 PM, error: Service Control Manager [7023] - The Remote TCP/IPv6 service terminated with the following error: The specified module could not be found.
5/28/2012 12:34:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.
5/28/2012 12:34:39 PM, error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/28/2012 12:34:39 PM, error: Service Control Manager [7000] - The hpdj service failed to start due to the following error: The system cannot find the file specified.
5/28/2012 1:57:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================


----------



## dvk01 (Dec 14, 2002)

nothing showing in those logs

lets see if this might show us something
Download *OTS.exe *to your Desktop 

Close any open browsers.
Double-click on *OTS.exe* to start the program.
If your Real protection or Antivirus intervenes with OTS, allow it to run.
In the *Processes * group click *ALL*
In the *modules * group click *ALL* 
In the * Services * group click *Safe List* 
In the *Drivers* group click *Safe List* 
In the *Registry * group click *ALL*
In the *Files Age* drop down box click *90 days* 
Make sure use company name, white list and skip Microsoft files boxes are checked
 In the Files created and Files modified groups select *whitelist/file age *
in the *Additional scans sections* please select * Everything *and make sure safe list box is checked
Now on the toolbar at the top select "Scan all users" then click the *Run Scan* button
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file 
Use the * Reply* button and *attach the notepad file here*. I will review it when it comes in. 

It will be much too big so you will need to zip the file before it will be able to be uploaded


----------



## dgp1939 (Oct 9, 2003)

Zipped OTS.TXT attached hereto.


----------



## dvk01 (Dec 14, 2002)

no nothing showing in there either
all I can suggest is change your windows theme to a different theme & see if that cures the desktop


----------



## dgp1939 (Oct 9, 2003)

Using right click on screen > Properites, etc., and then Start > Control Panel > DIsplay > etc., and just opening up a picture from my files at random and applying it as wallpaper produces the same result. 

Scraped off my old wallpaper and rehung ten different kinds, all with the same result: no change. The wallpaper is there, but this thing puts a solid white square over it from top to bottom of the screen and about80% of the way from right to left. No matter what I select as wallpaper, the wallpaper goes behind the white. This happens only on my startup screen, that is, the screen that appears when everything is closed. 

I know that this is a tough nut to crack or I wouldn't be asking for assistance.

Thank you for all so far.


----------



## dgp1939 (Oct 9, 2003)

Please check out what I found at

http://guides.yoosecurity.com/how-to-get-rid-of-httpwww-searchnu-com406-redirect-virus/

It seems to explain removal of this virus. However, I don't trust the site because it was too easy to find..


----------



## dvk01 (Dec 14, 2002)

we have clleared all the entries relating to searchnu
the only ones we can't clear are the chrome ones at this time & we are looking for ways to do that

lets see if this will fix the desktop

This fix is only for XP & Windows 2000

Download and Save Cleandesktop to your computer from this link: http://www.thespykiller.co.uk/downloads/cleandesktop.exe and double click on the cleandesktop.exe

It will automatically extract to c:\desktopclean where it needs to be to run and will automatically run the cleandesktop.vbs script

If it doesn't open then go to c:\desktopclean and double click on the cleandesktop.vbs Do not run any other file from there please unless asked to

If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

If you get a message when you first run it "Can not find script file "blah blah blah" then don't worry just doubleclick the cleandesktop.vbs script again you sometimes get that message when a script blocker blocks the script

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.

Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

I have included another vbs to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and Open the c:\desktopclean folder. Double click on Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

To restore the desktop to whatever picture you normally have right click on a blank part of desktop & select properties/desktop & select your prefered picture press apply & then ok to exit and then press F5

You will need to do this step for every user account


----------



## dgp1939 (Oct 9, 2003)

Will run same tomorrow. There is only one user on this computer. I see the Queen went barging in the rain. GIves a whole new meaning to "barged in".

Thanks again.


----------



## flavallee (May 12, 2002)

It looks like we're all stumped over that display issue. 

-----------------------------------------------------------


----------



## dgp1939 (Oct 9, 2003)

I've never seen anything quite like it, either. If today's operations using Spykiller do not produce results, I am open to (after saving bookmarks) removing chrome completely from my machine and then re-booting. That at least will prove that it was somehow resident there. I can eliminate the extra search tab from Google while using Chrome simply by going to the settings page.

I saw several references to Spykiller while searching for DIY help, but thought best of downloading it and making my headache bigger.


----------



## dvk01 (Dec 14, 2002)

deal withn teh chrome from the settings page then 
I hope that the downlaod will sort the desktop, but if it doesn't we still have one more thig to try


----------



## dgp1939 (Oct 9, 2003)

Ran Spykiller. Shut down everything that was running beforehand. Thought it did the job until I right clicked on a blank space and selected a wallpaper. Then it was back. However, this time I observed that when I run the cursor over the white part of the screen, the white part darkens ever so slightly like a mouseover effect. Interesting?


----------



## dvk01 (Dec 14, 2002)

OK try this

Copy the contents of the Code box to notepad.
Name the file out.reg
Save as type:All files
Save it someplace where you will remember it, like My documents.

Double click on out.reg and say yes to the prompt.


```
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
"NoAddingComponents"=-
"NoComponents"=-
"NoDeletingComponents"=-
"NoEditingComponents"=-
"NoCloseDragDropBands"=-
"NoMovingBands"=-
"NoHTMLWallPaper"=-


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
```
Restart the computer.

Go to Display properties and click the desktop tab.

Click the Customize Desktop Button.

Click the Web tab and remove the checkmark from the the Lock Desktop Items box.
Apply.
Apply and Exit Display properties.

In display Properties > Desktop
Choose a new background color and picture. Apply.

Close Display properties. If you need to, click the desktop and press F5 to refresh.


----------



## dgp1939 (Oct 9, 2003)

OK. Will do. I also scanned the startup screen with Malbytes and nothing was found.

Malbytes Log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Don :: DPS-TOOFLISS [administrator]

Protection: Disabled

6/4/2012 8:08:01 AM
mbam-log-2012-06-04 (08-08-01).txt

Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 9
Time elapsed: 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## dgp1939 (Oct 9, 2003)

Did as suggested. Not much changed. Now there is no "mouseover effect on the white part of the screen.

Also, you triggered my memory. After running out.reg, and restarting, the startup screen had the "Active Desktop Recovery" message, with the usual several options. I remembered that this screen appeared the day this virus kicked in. That is, the next time I closed everything out and looked at it.

Upon clicking the desktop and pressing F5, the correct wallpaper appears for about two milliseconds then the white comes back.

Further, I noted that when I OK'd the restart, the white part and all my icons disappeared and left only the appropriate wallpaper for a few seconds.

Hope some of this helps. 

I will be offline for most of today to run necessary errands.


----------



## dvk01 (Dec 14, 2002)

uninstall these 2 
Anti-phishing Domain Advisor
DreamScene XP version 1.0

then reboot & run both the desktop clean.exe and then out.reg again please 
hopefully that will fix it 

I am pretty certain that it is dreamscene at fault here


----------



## dgp1939 (Oct 9, 2003)

Uninstalled as suggested. Ran clean and out, etc.

No change in startup screen.

After previously removing searchnu.com/406 extra tab from Chrome by using settings, it has not returned after two reboots. 

I apparently did something right on that one.

This Startup screen white square seems almost to be an overlay of some sort as the selected wallpaper does exist behind it.

Am also going through all the processes in Task Manager and checking to see if any could be malicious. Not doing anything about it, but if I find any will post it here.

Also, to see if there were any positive changes, I attempted a System Restore. It would only let me go to May 31, 2012.

That tells me that the virus is truly insidious.

The people who invent these things could become millionaires if they directed their energies to constructive projects.


----------



## dgp1939 (Oct 9, 2003)

It has occurred to me that since the searchnu.com/406 tab has disappeared from Chrome, and that since it has not reinstated itself after two reboots, that it is possible that two things were downloaded from the same source at the same time and that one of them is still roaming my HDD giving me aggravation.

Tuesday, I'll look for any virus that just does the two things that remain.


----------



## dvk01 (Dec 14, 2002)

I have no further ideas with this one and if the start up screen /desktop problmes continue, then a reinstall of windows is probably your best solution


----------



## dgp1939 (Oct 9, 2003)

Very strange, indeed. Thinking about the large white area being an overlay, I just discovered that if I place my cursor at the left edge of the square, it will change to &#8596; and then I can resize the white area down to about one inch wide.

OMIGOSH!!!

I narrowed the white area to about 3 inches wide and I did something (not quite sure what) and the top of the white area changed to a darker bar (like a toolbar) It had a &#9660; on the left and right and an X box toward the right. I clicked on one of the &#9660; symbols and the white area went away. What kind of madness is this?

I then right-clicked and clicked on Properties > Desktop etc. and was able to properly change the wallpaper.

The only issue I seem to have now is not being able to set a restore point prior to June 5.

This has to be one for the books or else I am a complete idiot! Perhaps a bit of both?


----------



## dvk01 (Dec 14, 2002)

It obviously was something overlaying the desktop, but what, I have no idea

don't worry about no previous restore points, we would need to clear them all anyway to make sure any malware was removed from them

so

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click *START* then * RUN*
* Now type *Combofix /Uninstall * in the runbox and click *OK*. Note the *space *between the *X* and the */U*, it needs to be there.









This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here* http://www.thespykiller.co.uk/index.php?page=3 *for info on how to tighten your security settings and how to help prevent future attacks.

and scan here* http://secunia.com/vulnerability_scanning/online/* for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version ( not the OSI, in your browser java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. * If windows update doesn't work, please come back & tell us*


----------



## dgp1939 (Oct 9, 2003)

Thank you, dvk01. Just in time. I have friends arriving today from Manchester. Big fans of Man City.

If there is anything else I can fix for you, just let me know (Ha-ha). Actually, you have been a great help and my machine is now tuned up the best it has ever been.

Thank you again!


----------

