
Inactive MBAM, GMER, MBR, and DDS logs

Discussion in 'Malware and Virus Removal Archive' started by MinnesotaMike, 2011/03/17.

  1. 2011/03/17
    MinnesotaMike Geek Member Thread Starter
    [Inactive] MBAM, GMER, MBR, and DDS logs

    As suggested by Arie in my thread here, I am posting my scan results. Going through the list in this forum, I tried to run Avast and it froze at 75%. I was not able to run TFC in normal mode. Malwarebytes updated and it rebooted; the system froze again, and now I can't get into Windows anymore. I can get into SAFE mode and I was able to run the scans from there (including updating and running Malwarebytes). Here are my results:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6093

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18999

    3/17/2011 9:58:15 PM
    mbam-log-2011-03-17 (21-58-15).txt

    Scan type: Quick scan
    Objects scanned: 159269
    Time elapsed: 4 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 19
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 9
    Files Infected: 17

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\Nick\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.
    c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\clickpotatolite\bin\10.0.621.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\Nick\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0\launchhelp.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-17 21:31:08
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HH10
    Running: GMER.exe; Driver: C:\Users\Nick\AppData\Local\Temp\kxldqpoc.sys


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7479F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7479E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7479FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7479FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7482CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7479D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74796853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7479687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  2. 2011/03/17
    MinnesotaMike Geek Member Thread Starter
    MBAM, GMER, MBR, and DDS logs PART 2

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6700 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 153):
    0x82A0B000 \SystemRoot\system32\ntkrnlpa.exe
    0x82DC4000 \SystemRoot\system32\hal.dll
    0x80406000 \SystemRoot\system32\kdcom.dll
    0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8047D000 \SystemRoot\system32\PSHED.dll
    0x8048E000 \SystemRoot\system32\BOOTVID.dll
    0x80496000 \SystemRoot\system32\CLFS.SYS
    0x804D7000 \SystemRoot\system32\CI.dll
    0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80689000 \SystemRoot\system32\drivers\acpi.sys
    0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E0000 \SystemRoot\system32\drivers\pci.sys
    0x80707000 \SystemRoot\System32\drivers\partmgr.sys
    0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80723000 \SystemRoot\system32\drivers\volmgr.sys
    0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8077C000 \SystemRoot\system32\drivers\intelide.sys
    0x80783000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80791000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807A1000 \SystemRoot\system32\drivers\pavboot.sys
    0x88405000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x884D3000 \SystemRoot\system32\drivers\atapi.sys
    0x884DB000 \SystemRoot\system32\drivers\ataport.SYS
    0x884F9000 \SystemRoot\system32\drivers\msahci.sys
    0x88502000 \SystemRoot\system32\drivers\fltmgr.sys
    0x88534000 \SystemRoot\system32\drivers\fileinfo.sys
    0x88544000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88604000 \SystemRoot\system32\drivers\ndis.sys
    0x8870F000 \SystemRoot\system32\drivers\msrpc.sys
    0x8873A000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88800000 \SystemRoot\System32\drivers\tcpip.sys
    0x888EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88A04000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88B14000 \SystemRoot\system32\drivers\volsnap.sys
    0x88B4D000 \SystemRoot\System32\Drivers\spldr.sys
    0x88B55000 \SystemRoot\System32\Drivers\mup.sys
    0x88B64000 \SystemRoot\System32\drivers\ecache.sys
    0x88B8B000 \SystemRoot\system32\drivers\disk.sys
    0x88B9C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x88BBD000 \SystemRoot\system32\drivers\crcdisk.sys
    0x88BD3000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88BDE000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x88BE7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x88BEB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x889D3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8D203000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8D8BE000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8D95F000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D96B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8D976000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8D9B4000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8DA04000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8DC06000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8DE35000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8DE51000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8DE61000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8DE6F000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8DE89000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8DE98000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8DEAC000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8DEFD000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
    0x8DEFF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8DF0F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8DF16000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8DF29000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8DF2E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8DF39000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8DF69000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8DF6B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8DF76000 \SystemRoot\system32\drivers\Afc.sys
    0x8DF7E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8DF96000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8DF9C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8DA91000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8DFCB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8DFD6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8DFED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8DAD2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8DAF5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8DB04000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8DB18000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8DB2D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DFF8000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8DB3D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8DB67000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8DB71000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8DB7E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8DBB3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8DBBC000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8EA0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8EBB6000 \SystemRoot\system32\drivers\portcls.sys
    0x8DBCD000 \SystemRoot\system32\drivers\drmk.sys
    0x8E607000 \SystemRoot\system32\DRIVERS\smserial.sys
    0x8E6F8000 \SystemRoot\system32\drivers\modem.sys
    0x8E705000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0x8E763000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8E76C000 \SystemRoot\System32\Drivers\Null.SYS
    0x8E773000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8E77A000 \SystemRoot\System32\drivers\vga.sys
    0x8E786000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8E7A7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8E7AF000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8E7B7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8E7C2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8E7D0000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8E7D9000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8E7EF000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8D9C3000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8EBE3000 \SystemRoot\system32\DRIVERS\smb.sys
    0x88775000 \SystemRoot\system32\drivers\afd.sys
    0x8E7F9000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x889E2000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8DBF2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x887BD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x885B5000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8EA00000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x887D0000 \SystemRoot\System32\Drivers\dfsc.sys
    0x807A7000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x887E7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x805B7000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x88BC6000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x88905000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x97C60000 \SystemRoot\System32\win32k.sys
    0x8D9F5000 \SystemRoot\System32\drivers\Dxapi.sys
    0x885F1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x97E80000 \SystemRoot\System32\TSDDD.dll
    0x97EA0000 \SystemRoot\System32\cdd.dll
    0x805D8000 \SystemRoot\system32\drivers\luafv.sys
    0x8240E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x82446000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x82451000 \SystemRoot\system32\drivers\spsys.sys
    0x82501000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x82511000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8253B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x82545000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x82558000 \SystemRoot\system32\drivers\HTTP.sys
    0x825C5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x825E2000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xAE009000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xAE01E000 \SystemRoot\system32\drivers\mrxdav.sys
    0xAE03F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAE05E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAE097000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAE0AF000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAE0D7000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB1807000 \SystemRoot\system32\drivers\peauth.sys
    0xB18E5000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB18EF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB18FD000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77260000 \Windows\System32\ntdll.dll

    Processes (total 95):
    0 System Idle Process
    4 System
    500 C:\Windows\System32\smss.exe
    568 csrss.exe
    612 C:\Windows\System32\wininit.exe
    624 csrss.exe
    656 C:\Windows\System32\services.exe
    684 C:\Windows\System32\winlogon.exe
    708 C:\Windows\System32\lsass.exe
    716 C:\Windows\System32\lsm.exe
    860 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\audiodg.exe
    1172 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\SLsvc.exe
    1252 C:\Windows\servicing\TrustedInstaller.exe
    1272 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\svchost.exe
    1484 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1808 C:\Windows\System32\spoolsv.exe
    1832 C:\Windows\System32\svchost.exe
    1992 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    224 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    236 C:\Program Files\Bonjour\mDNSResponder.exe
    336 C:\Windows\System32\svchost.exe
    356 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    852 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    1180 C:\Windows\System32\svchost.exe
    844 C:\Windows\System32\svchost.exe
    1988 C:\Windows\System32\svchost.exe
    608 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    2276 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2288 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2360 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2392 C:\Windows\System32\svchost.exe
    2416 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2448 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2536 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2612 C:\Windows\System32\svchost.exe
    2648 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2680 C:\Windows\System32\SearchIndexer.exe
    2724 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    2740 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3272 C:\Windows\System32\SearchProtocolHost.exe
    3588 WmiPrvSE.exe
    3948 C:\Windows\System32\taskeng.exe
    4040 C:\Windows\System32\dwm.exe
    4068 C:\Windows\explorer.exe
    2164 C:\Windows\System32\taskeng.exe
    2032 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    1840 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    2500 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2488 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3052 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    3184 C:\Windows\RtHDVCpl.exe
    3012 C:\Program Files\HP\QuickPlay\QPService.exe
    1112 C:\Windows\System32\igfxpers.exe
    3244 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    3144 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    3048 C:\Program Files\iTunes\iTunesHelper.exe
    3232 C:\Windows\System32\igfxsrvc.exe
    3280 C:\Windows\System32\igfxtray.exe
    3388 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2080 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3480 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    884 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    2384 C:\Windows\System32\hkcmd.exe
    3652 C:\Program Files\Citrix\ICA Client\concentr.exe
    3236 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3712 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3728 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    3724 C:\Program Files\Pando Networks\Media Booster\PMB.exe
    3692 C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
    3264 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3524 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3924 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    3768 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    3968 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    3748 WmiPrvSE.exe
    4256 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4360 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4684 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    5168 C:\Program Files\iPod\bin\iPodService.exe
    5344 C:\Windows\System32\SearchFilterHost.exe
    5548 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5920 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3212 C:\Windows\System32\wbem\WMIADAP.exe
    4652 C:\Program Files\HP\HP Software Update\HPWUCli.exe
    3788 WmiPrvSE.exe
    5828 C:\Users\Nick\Desktop\MBRCheck.exe
    5936 C:\Windows\System32\wuauclt.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`4e9af400 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM160HI, Rev: HH100-10

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!


    .
    DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
    Run by Nick at 21:31:33.51 on Thu 03/17/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1250 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\Explorer.EXE
    C:\Users\Nick\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe "
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [EPSON Stylus CX7400 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_faticda.exe /fu "c:\windows\temp\E_S2A9E.tmp" /EF "HKCU "
    mRun: [hpqSRMon]
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [4StoryPrePatch] c:\program files\gameforge4d\gatesofandaron\PrePatch.exe
    mRunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "c:\program files\malwarebytes' anti-malware\mbamext.dll "
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-AUVVK.exe" /REG /REGSVRMODE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\nick\appdata\roaming\mozilla\firefox\profiles\6skf5dh3.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MP3R7&o=15863&locale=en_US&apn_uid=816F264D-7C85-47C7-9AED-D0AE5DB77C3D&apn_ptnrs=RV&apn_sauid=&apn_dtid=&q=
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\nick\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\nick\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\nick\appdata\roaming\mozilla\firefox\profiles\6skf5dh3.default\extensions\activegs@freetoolsassociation.com\platform\winnt_x86-msvc\plugins\npActiveGS.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: ClickPotatoLite Component: ClickPotatoLite@ClickPotatoLite.com - c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\nick\appdata\roaming\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: ActiveGS: activegs@freetoolsassociation.com - %profile%\extensions\activegs@freetoolsassociation.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-5-11 28552]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-15 371544]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-11 301528]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-11 19544]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-11 53592]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-11 42184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-5 110592]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-3 21504]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2009-3-11 24216]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files\microsoft sql server\mssql10.mssmlbiz\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2011-03-18 00:38:25 709456 ----a-w- c:\windows\is-AUVVK.exe
    2011-03-17 23:14:12 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8d09a7bb-82bd-414d-af27-dc6641eb6ec1}\mpengine.dll
    2011-03-16 00:26:26 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-15 23:34:35 -------- d-----w- c:\windows\pss
    2011-02-16 21:00:24 -------- d-----w- c:\program files\iPod(115)
    2011-02-16 21:00:17 -------- d-----w- c:\program files\iTunes(116)
    2011-02-16 20:44:37 -------- d-----w- c:\program files\common files\Java(107)
    .
    ==================== Find3M ====================
    .
    2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    .
    ============= FINISH: 21:32:05.82 ===============
     


  4. 2011/03/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    I still need Attach.txt part of DDS.

    When done...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2011/03/17
    MinnesotaMike

    MinnesotaMike Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,396
    Likes Received:
    3
    Attach.txt

    Hi Broni,

    Sorry I forgot this. I'll post and then try the other things you mention.



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/6/2008 2:38:27 PM
    System Uptime: 3/17/2011 8:09:17 PM (1 hours ago)
    .
    Motherboard: Quanta | | 30CC
    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | U2E1 | 1596/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 46.689 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.867 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    3DVIA player 4.1
    7-Zip 4.65
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2
    Adobe Shockwave Player
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    ArcSoft PhotoImpression 6
    ArcSoft Print Creations
    Ask Toolbar
    avast! Free Antivirus
    Bonjour
    BufferChm
    Business Contact Manager for Microsoft Outlook 2010
    Cards_Calendar_OrderGift_DoMorePlugout
    Citrix online plug-in (Web)
    ClickPotato
    Compatibility Pack for the 2007 Office system
    CustomerResearchQFolder
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Web Player
    DVD Suite
    EPSON CX7400 User's Guide
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX7400 Series Scanner Driver Update
    ESU for Microsoft Vista
    eSupportQFolder
    File Uploader
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 8.0
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Imaging Device Functions 8.0
    HP Photosmart Appliance Printer Driver Software 8.0.D
    HP Photosmart Essential
    HP Photosmart Essential 2.5
    HP Print Diagnostic Utility
    HP Product Assistant
    HP Quick Launch Buttons 6.30 E1
    HP QuickPlay 3.6
    HP QuickTouch 1.00 C4
    HP Smart Web Printing 4.60
    HP Solution Center 8.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0087
    HP Wireless Assistant
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Initio USB Default Controller Driver 32-bit
    InstallMgr
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    LabelPrint
    LogonStudio Vista
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Default Manager
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Communicator 2007 R2
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
    MobileMe Control Panel
    Motorola SM56 Data Fax Modem
    Move Media Player
    Mozilla Firefox (3.6.13)
    MSCU for Microsoft Vista
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    Nikon Message Center
    Nikon Transfer
    OGA Notifier 2.0.0048.0
    Panda ActiveScan 2.0
    Pando Media Booster
    Power2Go
    PowerDirector
    Project64 1.6
    PSSWCORE
    Quake Live Internet Explorer Plugin
    QuickPlay SlingPlayer 0.4.4
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Segoe UI
    Service Pack 1 for SQL Server 2008 (KB968369)
    SF_CDD_Software
    Skype Toolbars
    Skype™ 5.0
    Slingbox Flash Tour
    SlingPlayer
    SmartWebPrinting
    Solstice
    SolutionCenter
    Spelling Dictionaries Support For Adobe Reader 9
    Sql Server Customer Experience Improvement Program
    Status
    Synaptics Pointing Device Driver
    TomTom HOME 2.7.6.2056
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    VC80CRTRedist - 8.0.50727.762
    VideoLAN VLC media player 0.8.6h
    VideoToolkit01
    Viewpoint Media Player
    WD SmartWare
    WeatherBug Gadget
    WebReg
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR archiver
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/17/2011 8:41:50 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).
    3/17/2011 8:30:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/17/2011 8:12:41 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    3/17/2011 8:11:49 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2011 8:11:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC NetBIOS netbt nsiproxy pavboot PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2011 8:11:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2011 8:11:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    3/17/2011 8:11:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/17/2011 8:11:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/17/2011 8:11:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/17/2011 8:11:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/17/2011 8:11:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/17/2011 8:10:29 PM, Error: EventLog [6008] - The previous system shutdown at 8:08:20 PM on 3/17/2011 was unexpected.
    3/17/2011 8:07:31 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 42 time(s).
    3/17/2011 8:07:24 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 41 time(s).
    3/17/2011 8:07:19 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 40 time(s).
    3/17/2011 8:07:14 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 39 time(s).
    3/17/2011 8:07:09 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 38 time(s).
    3/17/2011 8:07:04 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 37 time(s).
    3/17/2011 8:06:59 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 36 time(s).
    3/17/2011 8:06:54 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 35 time(s).
    3/17/2011 8:06:49 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 34 time(s).
    3/17/2011 8:06:44 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 33 time(s).
    3/17/2011 8:06:39 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 32 time(s).
    3/17/2011 8:06:33 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 31 time(s).
    3/17/2011 8:06:29 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 30 time(s).
    3/17/2011 8:06:23 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 29 time(s).
    3/17/2011 8:06:19 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 28 time(s).
    3/17/2011 8:06:13 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 27 time(s).
    3/17/2011 8:06:08 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 26 time(s).
    3/17/2011 8:06:03 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 25 time(s).
    3/17/2011 8:05:58 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 24 time(s).
    3/17/2011 8:05:53 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 23 time(s).
    3/17/2011 8:05:48 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 22 time(s).
    3/17/2011 8:05:43 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 21 time(s).
    3/17/2011 8:05:38 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 20 time(s).
    3/17/2011 8:05:33 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 19 time(s).
    3/17/2011 8:05:28 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 18 time(s).
    3/17/2011 8:05:23 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 17 time(s).
    3/17/2011 8:05:18 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 16 time(s).
    3/17/2011 8:05:13 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 15 time(s).
    3/17/2011 8:05:08 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 14 time(s).
    3/17/2011 8:05:03 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 13 time(s).
    3/17/2011 8:04:58 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 12 time(s).
    3/17/2011 8:04:53 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 11 time(s).
    3/17/2011 8:04:48 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 10 time(s).
    3/17/2011 8:04:43 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 9 time(s).
    3/17/2011 8:04:38 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 8 time(s).
    3/17/2011 8:04:33 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 7 time(s).
    3/17/2011 8:04:28 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 6 time(s).
    3/17/2011 8:04:23 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 5 time(s).
    3/17/2011 8:04:18 PM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 4 time(s).
    3/17/2011 8:04:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
    3/17/2011 8:02:09 PM, Error: EventLog [6008] - The previous system shutdown at 7:58:18 PM on 3/17/2011 was unexpected.
    3/17/2011 7:39:16 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    3/17/2011 7:28:13 PM, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.
    3/17/2011 7:28:13 PM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    3/17/2011 7:28:12 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    3/17/2011 7:27:43 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/17/2011 7:26:29 PM, Error: EventLog [6008] - The previous system shutdown at 6:35:33 PM on 3/17/2011 was unexpected.
    3/17/2011 6:00:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    3/17/2011 6:00:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/17/2011 6:00:07 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/17/2011 6:00:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/17/2011 6:00:06 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/17/2011 5:59:15 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    3/17/2011 5:58:12 PM, Error: EventLog [6008] - The previous system shutdown at 5:56:41 PM on 3/17/2011 was unexpected.
    3/17/2011 5:27:51 PM, Error: EventLog [6008] - The previous system shutdown at 5:25:40 PM on 3/17/2011 was unexpected.
    3/17/2011 4:58:47 PM, Error: EventLog [6008] - The previous system shutdown at 4:56:50 PM on 3/17/2011 was unexpected.
    3/17/2011 4:40:13 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
    3/16/2011 7:18:39 PM, Error: EventLog [6008] - The previous system shutdown at 11:14:45 PM on 3/15/2011 was unexpected.
    3/15/2011 9:53:39 PM, Error: EventLog [6008] - The previous system shutdown at 9:52:11 PM on 3/15/2011 was unexpected.
    3/15/2011 9:25:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    3/15/2011 9:25:53 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/15/2011 8:42:56 PM, Error: EventLog [6008] - The previous system shutdown at 8:34:40 PM on 3/15/2011 was unexpected.
    3/15/2011 6:48:06 PM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
    3/15/2011 6:42:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy pavboot PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    3/15/2011 6:01:31 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.97.1233.0 Loading engine version: 1.1.6502.0
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930).
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool - February 2011 (KB890830).
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows Mail Junk E-mail Filter [February 2011] (KB905866).
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2485376).
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2483185).
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2479628).
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2393802).
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Platform Update Supplement for Windows Vista (KB2117917).
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Definition Update for Microsoft Office 2010 (KB982726), 32-Bit Edition.
    3/15/2011 10:11:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2482017).
    .
    ==== End Of File ===========================
     
  6. 2011/03/18
    MinnesotaMike

    Broni,

    I can only get into SAFE mode, so that is where I'm trying to run ComboFix. I can get it installed, but it never gets beyond the "Attempting to create a new System Restore point". I've let it run for over 20 minutes and nothing. This is what the last screen says:

    Please wait.
    ComboFix is preparing to run.
    Access Denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks.

    System file is infected!! Attempting to restore "C:\Windows\regedit.exe "

    Attempting to create a new System Restore point



    That is as far as it goes. I will leave it on overnight and see what happens. I did get another box that had two progress bars on it. It seemed to finish what it needed to. After the first stall, I restarted the system and started ComboFix again. This time, I right-clicked on the icon and chose "Run as Administrator". That was no help. I'm not sure where to go from here, but I do need to get some sleep. ;)

    Mike

    EDIT: After running overnight for 6 hours, ComboFix has not proceeded any farther. So, I forced another shutdown.
     
    Last edited: 2011/03/18
  7. 2011/03/18
    broni

    Did you try to rename it and run rKill first, as my instructions say (in case Combofix doesn't want to run normally)?
     
  8. 2011/03/18
    MinnesotaMike

    Hi Broni,

    You must have read my mind. I was just headed over to do that. I read your post again and realized I must have been really tired last night. I'll run Rkill and get back to you tonight.

    Mike
     
  9. 2011/03/18
    MinnesotaMike

    OK Broni,

    I ran Rkill and will post the log at the end here. I then ran Combofix as instructed and I get the same message as above. Once again, it will not proceed any further. During the start of Combofix, it did ask if I wanted to update to the newest version, which I did. I'm still trying to get into normal mode, but I'm not having any luck. I let it run for 5+ hours this afternoon and it stayed on the black startup screen with Microsoft at the bottom and what appears to be a progress bar. Man, ain't this fun? :rolleyes:

    Mike


    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/18/2011 at 18:06:12.
    Operating System: Windows Vista (TM) Home Premium




    Rkill completed on 03/18/2011 at 18:06:12.
    Processes terminated by Rkill or while it was running:



    Rkill completed on 03/18/2011 at 18:06:22.
     
  10. 2011/03/18
    broni

    If Combofix is stuck....

    Press Ctrl+Alt+Delete to open Task Manager and click the "Processes" tab.

    This will list out a number of processes that are running on your computer. You may see the following running:

    * CF19313.cfxxe
    * PEV.exe
    * NirCmd.cfxxe
    * PEV.cfxxe

    Please select any processes except for CF19313.cfxxe and click "End Process". Combofix should continue its run after one of those has been terminated. Again, make sure that you don't terminate the CF19313.cfxxe process.
     
  11. 2011/03/18
    MinnesotaMike

    Broni,

    Well, I tried the program again and no luck. I did the Ctrl-Alt-Delete and selected Task Manager. Unfortunately, Task Manager didn't show up. Then everything froze. I rebooted and started Combofix again. This time I tried typing Task Manager in the search box. It didn't come up and the system froze again. All this is in SAFE mode since I still cannot get into normal mode.

    Mike
     
  12. 2011/03/18
    broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. 2011/03/18
    MinnesotaMike

    Broni,

    Nothing was found. Here is the log.


    2011/03/18 20:16:43.0020 1092 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/18 20:16:43.0301 1092 ================================================================================
    2011/03/18 20:16:43.0301 1092 SystemInfo:
    2011/03/18 20:16:43.0301 1092
    2011/03/18 20:16:43.0301 1092 OS Version: 6.0.6002 ServicePack: 2.0
    2011/03/18 20:16:43.0301 1092 Product type: Workstation
    2011/03/18 20:16:43.0301 1092 ComputerName: NICK-PC
    2011/03/18 20:16:43.0301 1092 UserName: Nick
    2011/03/18 20:16:43.0301 1092 Windows directory: C:\Windows
    2011/03/18 20:16:43.0301 1092 System windows directory: C:\Windows
    2011/03/18 20:16:43.0301 1092 Processor architecture: Intel x86
    2011/03/18 20:16:43.0301 1092 Number of processors: 2
    2011/03/18 20:16:43.0301 1092 Page size: 0x1000
    2011/03/18 20:16:43.0301 1092 Boot type: Safe boot with network
    2011/03/18 20:16:43.0301 1092 ================================================================================
    2011/03/18 20:16:43.0754 1092 Initialize success
    2011/03/18 20:16:52.0646 1476 ================================================================================
    2011/03/18 20:16:52.0646 1476 Scan started
    2011/03/18 20:16:52.0646 1476 Mode: Manual;
    2011/03/18 20:16:52.0646 1476 ================================================================================
    2011/03/18 20:17:03.0051 1476 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/18 20:17:03.0082 1476 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/18 20:17:03.0144 1476 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/18 20:17:03.0222 1476 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/03/18 20:17:03.0269 1476 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/18 20:17:03.0316 1476 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/03/18 20:17:03.0363 1476 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/18 20:17:03.0425 1476 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/18 20:17:03.0456 1476 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/18 20:17:03.0503 1476 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/18 20:17:03.0534 1476 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/03/18 20:17:03.0566 1476 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/03/18 20:17:03.0659 1476 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/03/18 20:17:03.0737 1476 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/18 20:17:03.0893 1476 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/18 20:17:03.0924 1476 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/18 20:17:03.0956 1476 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/18 20:17:04.0018 1476 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/18 20:17:04.0065 1476 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/18 20:17:04.0127 1476 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/18 20:17:04.0174 1476 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/03/18 20:17:04.0268 1476 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/18 20:17:04.0361 1476 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/03/18 20:17:04.0470 1476 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/18 20:17:04.0533 1476 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/18 20:17:04.0595 1476 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/18 20:17:04.0658 1476 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/18 20:17:04.0767 1476 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/18 20:17:04.0829 1476 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/18 20:17:05.0001 1476 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
    2011/03/18 20:17:05.0157 1476 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
    2011/03/18 20:17:05.0250 1476 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/03/18 20:17:05.0313 1476 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/03/18 20:17:05.0391 1476 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/18 20:17:05.0469 1476 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/18 20:17:05.0531 1476 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/03/18 20:17:05.0562 1476 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/03/18 20:17:05.0594 1476 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/03/18 20:17:05.0640 1476 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/03/18 20:17:05.0672 1476 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/03/18 20:17:05.0812 1476 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/18 20:17:05.0890 1476 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/03/18 20:17:05.0952 1476 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/03/18 20:17:05.0984 1476 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/03/18 20:17:06.0030 1476 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
    2011/03/18 20:17:06.0077 1476 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/03/18 20:17:06.0124 1476 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2011/03/18 20:17:06.0171 1476 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/03/18 20:17:06.0264 1476 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/03/18 20:17:06.0452 1476 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/18 20:17:06.0498 1476 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/03/18 20:17:06.0576 1476 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/18 20:17:06.0701 1476 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/03/18 20:17:06.0748 1476 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/03/18 20:17:06.0857 1476 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/18 20:17:06.0951 1476 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/18 20:17:07.0013 1476 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/18 20:17:07.0091 1476 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/18 20:17:07.0154 1476 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/18 20:17:07.0232 1476 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/18 20:17:07.0278 1476 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/18 20:17:07.0341 1476 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/18 20:17:07.0356 1476 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/18 20:17:07.0419 1476 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/18 20:17:07.0528 1476 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/03/18 20:17:07.0559 1476 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/03/18 20:17:07.0590 1476 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/03/18 20:17:07.0700 1476 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
    2011/03/18 20:17:07.0762 1476 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/18 20:17:07.0856 1476 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
    2011/03/18 20:17:07.0902 1476 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/18 20:17:07.0980 1476 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/03/18 20:17:08.0074 1476 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/03/18 20:17:08.0121 1476 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/03/18 20:17:08.0168 1476 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/03/18 20:17:08.0214 1476 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/03/18 20:17:08.0277 1476 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/18 20:17:08.0308 1476 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/18 20:17:08.0339 1476 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/18 20:17:08.0370 1476 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/03/18 20:17:08.0433 1476 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/03/18 20:17:08.0480 1476 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/03/18 20:17:08.0526 1476 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/03/18 20:17:08.0589 1476 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/18 20:17:08.0698 1476 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys
    2011/03/18 20:17:08.0792 1476 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/03/18 20:17:08.0932 1476 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/18 20:17:08.0979 1476 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/18 20:17:09.0010 1476 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/18 20:17:09.0119 1476 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/18 20:17:09.0197 1476 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/03/18 20:17:09.0291 1476 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/03/18 20:17:09.0322 1476 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/03/18 20:17:09.0400 1476 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/03/18 20:17:09.0525 1476 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/03/18 20:17:09.0572 1476 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/18 20:17:09.0634 1476 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/18 20:17:09.0696 1476 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/18 20:17:09.0759 1476 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/18 20:17:09.0821 1476 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/18 20:17:09.0868 1476 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/18 20:17:09.0993 1476 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/18 20:17:10.0118 1476 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/03/18 20:17:10.0196 1476 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/18 20:17:10.0242 1476 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/03/18 20:17:10.0305 1476 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/18 20:17:10.0367 1476 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/03/18 20:17:10.0414 1476 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/03/18 20:17:10.0461 1476 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/03/18 20:17:10.0492 1476 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/03/18 20:17:10.0554 1476 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/18 20:17:10.0679 1476 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
    2011/03/18 20:17:10.0788 1476 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/18 20:17:10.0820 1476 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/03/18 20:17:10.0882 1476 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/18 20:17:10.0913 1476 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/18 20:17:10.0960 1476 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/03/18 20:17:10.0991 1476 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/03/18 20:17:11.0085 1476 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/03/18 20:17:11.0132 1476 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/18 20:17:11.0178 1476 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/18 20:17:11.0272 1476 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2011/03/18 20:17:11.0319 1476 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/18 20:17:11.0381 1476 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/03/18 20:17:11.0412 1476 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/03/18 20:17:11.0459 1476 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/03/18 20:17:11.0490 1476 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/03/18 20:17:11.0553 1476 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/03/18 20:17:11.0631 1476 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/18 20:17:11.0693 1476 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/03/18 20:17:11.0724 1476 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/03/18 20:17:11.0802 1476 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/03/18 20:17:11.0880 1476 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/18 20:17:11.0912 1476 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/18 20:17:11.0990 1476 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/03/18 20:17:12.0068 1476 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
    2011/03/18 20:17:12.0177 1476 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/18 20:17:12.0380 1476 winachsf (3d4d43ae7b10170cecdc728bf8fccd17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    2011/03/18 20:17:12.0520 1476 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/03/18 20:17:12.0645 1476 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/03/18 20:17:12.0707 1476 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/18 20:17:12.0801 1476 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/18 20:17:12.0926 1476 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
    2011/03/18 20:17:13.0019 1476 ================================================================================
    2011/03/18 20:17:13.0019 1476 Scan finished
    2011/03/18 20:17:13.0019 1476 ================================================================================
     
  14. 2011/03/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  15. 2011/03/18
    MinnesotaMike

    MinnesotaMike Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,396
    Likes Received:
    3
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/18/2011 at 10:01 PM

    Application Version : 4.50.1002

    Core Rules Database Version : 6631
    Trace Rules Database Version: 4443

    Scan type : Complete Scan
    Total Scan Time : 01:26:19

    Memory items scanned : 333
    Memory threats detected : 0
    Registry items scanned : 10480
    Registry threats detected : 15
    File items scanned : 39020
    File threats detected : 673

    Adware.Tracking Cookie
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@www.xxxblackbook[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@www.burstbeacon[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@dc.tremormedia[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ads.pointroll[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@adbrite[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ads.fulldls[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@www.mediafire[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@admse012.adbureau[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@mediafire[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@findlocaljobstoday[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@mediaplex[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@adserving.contextualmarketplace[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ad.zanox[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@rotator.adjuggler[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ads.ad4game[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@advertising[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@advertmint[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@eas.apm.emediate[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ads.intelco.com[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@doubleclick[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@static.freewebs.getclicky[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@specificmedia[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ads.bcserving[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@revsci[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@collective-media[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@tacoda[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@media6degrees[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@teenist[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@nextag[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@realmedia[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@statcounter[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@trafficmp[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@at.atwola[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ad.wsod[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@bs.serving-sys[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@burstbeacon[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@click.mediadome[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@invitemedia[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@247realmedia[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@2o7[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@a1.interclick[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ad.jmg[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ad2.doublepimp[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@adecn[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@adlegend[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ads.pubmatic[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ads.undertone[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@adserve.brandgivewaycentre[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@adultfriendfinder[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@atdmt[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@bluestreak[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@casalemedia[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@cdn4.specificclick[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@click2go[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@clicksor[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@edgeadx[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@eyewonder[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@fastclick[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@game-advertising-online[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@imrworldwide[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@interclick[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@kaspersky.122.2o7[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@kontera[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@legolas-media[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@myroitracking[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@overture[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@pointroll[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@pro-market[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@romnation[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ru4[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@technoratimedia[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@viacom.adbureau[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@videopornteen[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@z.m.y.cltomedia[2].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@xxxblackbook[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@yadro[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@yieldmanager[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@zedo[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@adserve.brandgivewaycentre[1].txt
    C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@cts.zroitracker[1].txt
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .doubleclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .fastclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .fastclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .mediaplex.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    in.getclicky.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .interclick.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .interclick.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .interclick.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .eyewonder.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .questionmarket.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .mediaplex.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .bs.serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .overture.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .overture.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adxpose.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .a1.interclick.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .realmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .at.atwola.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tacoda.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tacoda.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tacoda.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .at.atwola.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .at.atwola.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .msnportal.112.2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .liveperson.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adecn.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .yieldmanager.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .yieldmanager.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .specificclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .specificmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    statse.webtrendslive.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media6degrees.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .atdmt.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .a1.interclick.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .a1.interclick.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adlegend.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .network.realmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .247realmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    dc.tremormedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .burstnet.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .fastclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .server.cpmstar.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adlegend.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .yadro.ru [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .eyewonder.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pro-market.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
     
  16. 2011/03/18
    MinnesotaMike

    MinnesotaMike Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,396
    Likes Received:
    3
    part 2

    .bizrate.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .bizrate.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nextag.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nextag.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ad.doubleclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ad.doubleclick.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .secure.leadback.advertising.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .liveperson.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .azjmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ads.adultswim.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adultswim.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    games.adultswim.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adultswim.disqus.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adultswim.disqus.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    adserver.gunaxin.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .draftcountdown.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .draftcountdown.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .allbritton.122.2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adbrite.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .freehdpornaccess.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .freehdpornaccess.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .****bookdating.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .****bookdating.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ads.zeusclicks.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .dmtracker.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .liveperson.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .teen-yard.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .teen-yard.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lexisexton.c4slive.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lexisexton.c4slive.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .directporntube.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .directporntube.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .youporn.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ads.crakmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .goldporntube.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .goldporntube.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pornoxo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pornoxo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficrevenue.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .steelhousemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .steelhousemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .steelhousemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .steelhousemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .viporn.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .viporn.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    top5countdown.mevio.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .mediaforge.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .mediaforge.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nextag.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nextag.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nextag.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nextag.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .monstercom.112.2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .friendfinder.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .friendfinder.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adserv.ontek.com.tr [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    1xxx.cqcounter.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .facebookofsex.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .facebookofsex.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ads.react2media.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ads.react2media.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ads.react2media.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    webcamgirls.pornlivenews.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .teenythongs.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .teenythongs.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .sexyshare.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .sexyshare.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .mfeed.newzfind.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .mfeed.newzfind.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .girlfriend****cams.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .girlfriend****cams.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .****cams.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nextag.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nextag.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.trustedadserver.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .fishadultgames.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .fishadultgames.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.sexforums.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.sexforums.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.sexforums.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.sexforums.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .sexforums.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .sexforums.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .****.fishadultgames.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .****.fishadultgames.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .hornyandhappy.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .hornyandhappy.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    porndad.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .marcporn.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .marcporn.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pornerbros.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pornerbros.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .24porn7.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .24porn7.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pornosins.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pornosins.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.porndad.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .sexyclips.org [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .sexyclips.org [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .sexxxdoll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .sexxxdoll.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pornvisit.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pornvisit.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adultadworld.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adultadworld.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adnetxchange.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .realhomesex.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adultminigames.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .adultminigames.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .liveperson.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .msnbc.112.2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .burstnet.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .clickbank.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .findadrink.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .findadrink.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    wstat.wibiya.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .amazonmerchants.122.2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .nike.112.2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .kontera.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .media.photobucket.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .allegis.122.2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.clickmanage.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.clickmanage.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .apmebf.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .apmebf.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ads.bridgetrack.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .mediabrandsww.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.burstbeacon.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .burstbeacon.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .chitika.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .track.parse.ly [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .intermundomedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .intermundomedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .casalemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .serving-sys.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ru4.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www.pov-sex.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pov-sex.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .pov-sex.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .viacom.adbureau.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .realmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .findallporn.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .findallporn.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .associatedcontent.112.2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    stats.townnews.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    stats.townnews.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    stats.townnews.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    stats.townnews.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    www8.addfreestats.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .liveperson.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .trafficmp.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .ehg-techtarget.hitbox.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .hitbox.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .questionmarket.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .realmedia.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .collective-media.net [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]
    .zedo.com [ C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\6skf5dh3.default\cookies.sqlite ]

    Adware.Zango/ShoppingReport
    HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
    HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid
    HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ProxyStubClsid32
    HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib
    HKCR\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\TypeLib#Version
    HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
    HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid
    HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ProxyStubClsid32
    HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib
    HKCR\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\TypeLib#Version
    HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
    HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid
    HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ProxyStubClsid32
    HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib
    HKCR\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\TypeLib#Version
     
  17. 2011/03/18
    broni

    broni Moderator Malware Analyst

    Is that it, or is more coming?
     
  18. 2011/03/18
    MinnesotaMike

    MinnesotaMike Geek Member Thread Starter

    As far as I can see, that's the whole log. Should there be more?
     
  19. 2011/03/18
    broni
    I wasn't sure. That's why I asked.

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. 2011/03/18
    MinnesotaMike
    Here you go. I will check on this tomorrow; I need to get some sleep.

    OTL logfile created on: 3/18/2011 10:42:08 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Nick\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.23 Gb Total Space | 46.36 Gb Free Space | 33.78% Space Free | Partition Type: NTFS
    Drive D: | 11.82 Gb Total Space | 1.87 Gb Free Space | 15.79% Space Free | Partition Type: NTFS

    Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/18 22:40:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
    PRC - [2011/03/16 17:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/12/11 19:39:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/18 22:40:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/03/25 14:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/11/05 09:44:16 | 000,110,592 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2009/03/11 17:19:00 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
    DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/10/31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/09/17 18:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/17 08:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Ask.com "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.selectedEngine: "Ask.com "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://espn.go.com/ "
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.3.101
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=MP3R7&o=15863&locale=en_US&apn_uid=816F264D-7C85-47C7-9AED-D0AE5DB77C3D&apn_ptnrs=RV&apn_sauid=&apn_dtid=&q= "
    FF - prefs.js..network.proxy.no_proxies_on: "*.local "


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/07 16:49:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/25 11:55:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/15 19:49:05 | 000,000,000 | ---D | M]

    [2010/12/18 20:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\Extensions
    [2010/12/18 20:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2011/03/18 22:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions
    [2010/04/26 19:34:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/10 19:28:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/02/28 20:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2011/02/16 16:04:41 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(272)
    [2011/01/10 19:28:56 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions\activegs@freetoolsassociation.com
    [2011/02/14 16:01:14 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions\autofillForms@blueimp(27).net
    [2011/02/28 20:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions\autofillForms@blueimp.net
    [2010/10/24 16:05:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\extensions\toolbar@ask.com
    [2011/03/18 22:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/17 01:30:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/05/11 22:46:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/29 01:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/24 14:20:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2009/10/25 20:53:41 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\NICK\APPDATA\ROAMING\MOVE NETWORKS
    [2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
    [2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
    [2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
    [2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
    [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
    [2009/12/20 14:14:11 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-AUVVK.exe ()
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/06 14:37:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O33 - MountPoints2\{0ad27394-ff9a-11de-b0c3-001b24f96626}\Shell - " " = AutoRun
    O33 - MountPoints2\{0ad27394-ff9a-11de-b0c3-001b24f96626}\Shell\AutoRun\command - " " = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{a4801be7-64e4-11df-913f-001b24f96626}\Shell - " " = AutoRun
    O33 - MountPoints2\{a4801be7-64e4-11df-913f-001b24f96626}\Shell\AutoRun\command - " " = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{ab1edc80-0af8-11e0-84e0-001b24f96626}\Shell\AutoRun\command - " " = F:\InstallTomTomHOME.exe
    O33 - MountPoints2\{b31cf697-fe39-11de-b18c-001b24f96626}\Shell - " " = AutoRun
    O33 - MountPoints2\{b31cf697-fe39-11de-b18c-001b24f96626}\Shell\AutoRun\command - " " = "H:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{b31cf6b0-fe39-11de-b18c-001b24f96626}\Shell - " " = AutoRun
    O33 - MountPoints2\{b31cf6b0-fe39-11de-b18c-001b24f96626}\Shell\AutoRun\command - " " = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{e1c71dfd-68d7-11df-86d4-001b24f96626}\Shell - " " = AutoRun
    O33 - MountPoints2\{e1c71dfd-68d7-11df-86d4-001b24f96626}\Shell\AutoRun\command - " " = "F:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/18 22:40:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
    [2011/03/18 20:29:27 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
    [2011/03/18 20:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/03/18 20:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/03/18 20:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/03/18 20:25:36 | 010,697,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Nick\Desktop\SUPERAntiSpyware.exe
    [2011/03/18 20:16:20 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\TDSSKiller.exe
    [2011/03/18 20:01:52 | 000,000,000 | --SD | C] -- C:\Mike9208M
    [2011/03/18 20:01:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/18 19:50:48 | 000,000,000 | --SD | C] -- C:\Mike30656M
    [2011/03/18 18:19:17 | 000,000,000 | --SD | C] -- C:\Mike2167M
    [2011/03/18 18:17:49 | 000,000,000 | --SD | C] -- C:\Mike
    [2011/03/18 00:24:04 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/03/18 00:07:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/18 00:07:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/18 00:07:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/18 00:07:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/17 23:39:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/17 23:04:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/03/17 16:48:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\TFC.exe
    [2011/03/15 18:34:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/02/24 00:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [20 C:\Users\Nick\Documents\*.tmp files -> C:\Users\Nick\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/18 22:40:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
    [2011/03/18 22:08:35 | 000,668,828 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/18 22:08:35 | 000,127,828 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/18 22:04:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/18 20:29:24 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/03/18 20:26:43 | 010,697,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Nick\Desktop\SUPERAntiSpyware.exe
    [2011/03/18 20:15:24 | 000,001,748 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/18 20:15:14 | 001,263,721 | ---- | M] () -- C:\Users\Nick\Desktop\tdsskiller.zip
    [2011/03/18 18:18:20 | 004,290,189 | R--- | M] () -- C:\Users\Nick\Desktop\Mike.exe
    [2011/03/18 18:03:56 | 001,006,764 | ---- | M] () -- C:\Users\Nick\Desktop\rkill.exe
    [2011/03/17 23:04:18 | 209,605,935 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/17 22:31:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/17 22:04:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/17 21:35:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/17 19:40:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F645DB5C-0F85-4BA9-B055-E6CD770B412A}.job
    [2011/03/17 19:38:25 | 000,709,456 | ---- | M] () -- C:\Windows\is-AUVVK.exe
    [2011/03/17 19:38:25 | 000,010,562 | ---- | M] () -- C:\Windows\is-AUVVK.msg
    [2011/03/17 19:38:25 | 000,000,361 | ---- | M] () -- C:\Windows\is-AUVVK.lst
    [2011/03/17 19:29:31 | 000,000,164 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2011/03/17 19:28:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/17 18:17:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/17 16:52:12 | 000,625,664 | ---- | M] () -- C:\Users\Nick\Desktop\dds.scr
    [2011/03/17 16:51:38 | 000,080,384 | ---- | M] () -- C:\Users\Nick\Desktop\MBRCheck.exe
    [2011/03/17 16:51:00 | 000,296,448 | ---- | M] () -- C:\Users\Nick\Desktop\GMER.exe
    [2011/03/17 16:48:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\TFC.exe
    [2011/03/15 21:24:48 | 000,392,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/03/15 21:22:43 | 000,001,356 | ---- | M] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat
    [2011/03/15 19:49:06 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/03/15 19:26:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/03/15 19:17:22 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\TDSSKiller.exe
    [2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/02/23 09:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [20 C:\Users\Nick\Documents\*.tmp files -> C:\Users\Nick\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/18 20:29:24 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/03/18 20:15:24 | 000,001,748 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/18 20:15:11 | 001,263,721 | ---- | C] () -- C:\Users\Nick\Desktop\tdsskiller.zip
    [2011/03/18 18:03:56 | 001,006,764 | ---- | C] () -- C:\Users\Nick\Desktop\rkill.exe
    [2011/03/18 18:03:22 | 004,290,189 | R--- | C] () -- C:\Users\Nick\Desktop\Mike.exe
    [2011/03/18 00:07:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/18 00:07:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/18 00:07:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/18 00:07:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/18 00:07:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/17 23:04:18 | 209,605,935 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/03/17 19:38:25 | 000,709,456 | ---- | C] () -- C:\Windows\is-AUVVK.exe
    [2011/03/17 19:38:25 | 000,010,562 | ---- | C] () -- C:\Windows\is-AUVVK.msg
    [2011/03/17 19:38:25 | 000,000,361 | ---- | C] () -- C:\Windows\is-AUVVK.lst
    [2011/03/17 16:52:08 | 000,625,664 | ---- | C] () -- C:\Users\Nick\Desktop\dds.scr
    [2011/03/17 16:51:36 | 000,080,384 | ---- | C] () -- C:\Users\Nick\Desktop\MBRCheck.exe
    [2011/03/17 16:50:59 | 000,296,448 | ---- | C] () -- C:\Users\Nick\Desktop\GMER.exe
    [2010/12/13 16:19:36 | 000,000,268 | RH-- | C] () -- C:\Users\Nick\AppData\Roaming\BSD
    [2010/12/13 16:19:36 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bass
    [2010/12/13 16:19:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2010/12/13 16:19:36 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Brother
    [2010/07/17 01:35:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/11 17:57:30 | 000,000,036 | ---- | C] () -- C:\Users\Nick\AppData\Local\housecall.guid.cache
    [2010/03/07 16:48:49 | 000,023,086 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2009/10/27 23:26:17 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
    [2009/09/17 00:01:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/17 00:01:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 10:57:23 | 000,116,840 | ---- | C] () -- C:\Windows\hpqins00.dat
    [2009/03/09 23:25:04 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2009/03/09 23:25:03 | 000,070,968 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2009/03/09 23:23:20 | 000,674,600 | ---- | C] () -- C:\Windows\System32\X6[1].exe
    [2009/02/26 00:43:57 | 000,138,056 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\PnkBstrK.sys
    [2009/02/26 00:43:41 | 002,246,144 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
    [2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
    [2008/12/27 16:19:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/10/02 22:28:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/09/07 15:01:33 | 000,001,356 | ---- | C] () -- C:\Users\Nick\AppData\Local\d3d9caps.dat
    [2008/08/27 22:59:55 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2008/08/27 22:59:55 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2008/08/27 22:59:55 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2008/08/27 22:59:55 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2008/08/27 22:59:55 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2008/08/27 22:59:55 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2008/08/27 22:59:55 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2008/08/27 22:59:55 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2008/08/27 22:59:55 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2008/08/27 22:59:55 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2008/08/27 22:59:55 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2008/08/27 22:59:55 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2008/08/27 22:59:55 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2008/08/27 22:59:55 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2008/08/27 22:59:55 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2008/08/27 22:59:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2008/08/27 22:58:43 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
    [2008/08/27 22:39:47 | 000,228,352 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/08/27 07:58:00 | 000,127,515 | ---- | C] () -- C:\Windows\hppins23.dat
    [2008/08/27 07:57:52 | 000,002,188 | ---- | C] () -- C:\Windows\hppmdl23.dat
    [2008/08/26 23:05:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
    [2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
    [2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
    [2008/02/06 15:47:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
    [2008/02/06 15:47:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
    [2008/02/06 15:47:06 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/02/06 14:52:57 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2007/09/13 10:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
    [2007/09/13 10:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/09/13 10:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,392,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,668,828 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,127,828 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2010/10/15 11:17:04 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/09/21 11:44:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ICAClient
    [2008/12/24 19:16:04 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Ludia
    [2010/08/15 20:54:46 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\MP3Rocket
    [2010/08/19 13:09:49 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\MSNInstaller
    [2009/12/20 16:47:52 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Secret of the Solstice
    [2010/12/18 20:47:18 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TomTom
    [2010/03/28 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Unity
    [2009/11/23 17:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\uTorrent
    [2009/10/27 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WebcamMax
    [2010/01/10 17:57:11 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Western Digital
    [2010/01/10 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Western DigitalTemp
    [2008/12/24 19:10:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WildTangent
    [2011/03/17 16:40:23 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/03/17 19:40:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F645DB5C-0F85-4BA9-B055-E6CD770B412A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/02/06 14:37:24 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/02/06 14:13:38 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
    [2011/03/18 22:03:49 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
    [2008/09/25 13:05:03 | 000,000,471 | ---- | M] () -- C:\RHDSetup.log
    [2011/03/18 18:06:22 | 000,000,419 | ---- | M] () -- C:\rkill.log
    [2011/03/18 20:18:03 | 000,062,306 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_18.03.2011_20.16.42_log.txt
    [2008/10/16 19:17:55 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/04/30 10:16:45 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/09/23 01:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/12/26 18:43:50 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/29 19:05:41 | 000,000,286 | -HS- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2005/04/18 19:55:50 | 001,703,936 | ---- | M] () -- C:\Users\Nick\Desktop\DCPlusPlus.exe
    [2011/03/17 16:51:00 | 000,296,448 | ---- | M] () -- C:\Users\Nick\Desktop\GMER.exe
    [2011/03/17 16:51:38 | 000,080,384 | ---- | M] () -- C:\Users\Nick\Desktop\MBRCheck.exe
    [2011/03/18 18:18:20 | 004,290,189 | R--- | M] () -- C:\Users\Nick\Desktop\Mike.exe
    [2011/03/18 22:40:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe
    [2011/03/18 18:03:56 | 001,006,764 | ---- | M] () -- C:\Users\Nick\Desktop\rkill.exe
    [2011/03/18 20:26:43 | 010,697,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Nick\Desktop\SUPERAntiSpyware.exe
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nick\Desktop\TDSSKiller.exe
    [2011/03/17 16:48:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\TFC.exe
    [2009/06/29 09:14:05 | 001,234,120 | ---- | M] () -- C:\Users\Nick\Desktop\Winrar.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/08/26 21:42:51 | 000,000,402 | -HS- | M] () -- C:\Users\Nick\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/12/13 16:19:36 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Bass
    [2010/12/13 16:19:36 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Brother
    [2010/03/07 16:51:20 | 000,002,730 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/05/12 07:05:47 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >
     
  21. 2011/03/18
    MinnesotaMike

    OTL Extras logfile created on: 3/18/2011 10:42:08 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Nick\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.23 Gb Total Space | 46.36 Gb Free Space | 33.78% Space Free | Partition Type: NTFS
    Drive D: | 11.82 Gb Total Space | 1.87 Gb Free Space | 15.79% Space Free | Partition Type: NTFS

    Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3323131343-1183404410-2123129801-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0117F56C-B2BF-474F-8029-0CAD22D17D79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{08B5C8B7-653E-40DF-8FD1-AE08A39E21BC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{0C829F45-F2AA-4AFD-A834-2C52C0F701AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{314A0593-CD16-44FA-9FE8-D3D5A30AA543}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3409FD5D-6E17-4B3C-8E65-5F52858D2B4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{40618A46-E4B8-4ACC-B605-C14C38C84AEC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{428F74D4-1EAF-4739-9193-70B39A23E37C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4F8663E5-C0D3-4D57-B4B4-29B508B9FE21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{6194BD2C-527C-4EFE-9ABC-8FAF485847AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7989B4B8-064B-4873-A2C1-EA494CCB5DBB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7A15CE58-2C81-47A2-A1EE-F1F21AFA5E5F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7A4C0220-26B3-443F-947A-1E2440D3535F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{83217471-CDB3-4EEA-89BA-C794CA5FF3DA}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8B8C2A13-6BC4-4818-9B39-508000197650}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A4C84DAA-365D-4FE6-ABDA-E515D219B78A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{B16A4C00-10DA-466A-ACF3-0B9F7BAD5B9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{B6F8D02A-9064-4482-9435-60CA669E08C1}" = rport=137 | protocol=17 | dir=out | app=system |
    "{BBFA0824-A189-462A-A276-FA69E22126E3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D19C7137-6F82-44DD-BF09-DDF283658AC8}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D5C6B17D-4F60-48DB-AEA1-45A2FE192743}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D751371E-A6AB-42AB-A018-D15D5ADC3D68}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DBF5F484-6C40-4407-B08B-ABDC0F75A742}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E012C892-B563-49C5-8672-2FC222EFA1EB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{EECB960F-B219-46D4-B81C-8A16F36A0709}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{018561F3-1327-4887-AC3D-9DB04F6D3BA3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{02103870-DB5B-4781-92A4-964D7B0FB62A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{03352FD5-3B7A-4DDA-B8A6-E6B895F621AB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{0749EA89-A444-4F4A-B01F-22C30E04880E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0B892841-B7D5-469E-9A72-D0FC82708FAF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{0CE4598D-8C05-453A-A837-51B5502717CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0F5F81D6-2BE8-4596-8E91-6DD6E4E12FDC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{0FBEECCB-7FD2-4134-8ED2-94D012872A48}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{11AC77E9-DD61-45DB-9DAB-A5D0A4CE593F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{164F6700-1E6C-4122-8044-C95F110D4F43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{17F549B2-4964-4478-96A2-D9D0A1393C76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1CD710F4-2513-4F8D-9C56-43D4FED8BC33}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{1D49B065-F4A2-44AE-A819-17ACC4248F95}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{2944CB66-9D12-449A-90E1-7AAE89E6D9E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{2BCFE03E-89C8-46D4-B0F5-82C570C18905}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2C046AB2-7C91-4FB7-A0F0-0A760192511C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{2D267D3F-D771-49F4-B022-B4B8F31BC35A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{3308191F-F0D6-42FC-8F8A-9E75AC7E0D04}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
    "{3ADBBC20-87EC-4F60-800C-D3EDC827675A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{42A21090-69A0-48D3-A3B4-012F1F23009A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{4606DF27-CBC9-48C4-BCE3-5114A554A5DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{4B62174E-4955-4883-B2F8-5F072D4134F5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{4E568CD1-B3CF-4932-87C0-11495BF4AC06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{53225D54-D9EF-4E69-8B72-A7CC53E50536}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{544B89F7-ACB0-4422-8382-F70F63EE51FE}" = protocol=6 | dir=out | app=system |
    "{5670769F-80B2-4C0F-8801-D53A9CDF089B}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
    "{5966A8AC-B09D-4A3A-8F90-669E41523032}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{5B10C9A3-D0AF-4BFF-942D-682D0AD0E1B6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{5CEB4D26-8F5E-420F-8565-BF371C555405}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
    "{6366112E-F9CE-4B45-935E-538DD1B3374C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{697129BA-4F74-49D9-AB09-23088E70E24E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{6B249DA0-1D4C-47E8-AE1C-0000244DE57C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{6D81D078-8323-4A96-B390-AA58B8D27D39}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{7689B379-34EE-4E88-A6E9-52C75296675D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{7AB30C47-090A-4436-AB07-6133AA46CCD5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{7B39A356-69EA-411C-B3B5-665B67F89641}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{7E6883D4-CB18-4D94-9A94-41F9A3736219}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8123E3D4-341D-41A2-AA4A-9AB51F89F95E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{860CBB39-398C-4936-938A-224389FEA10E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{88E78071-4897-423B-86AC-0FE1D6F17732}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{90610DAD-A9D9-4074-9997-3AECBC3BB4AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{919276A2-52B7-4190-ACBC-5E5A79B50E56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9B60EF8B-0035-476B-BADA-678DF43AF309}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{9E270477-603F-4BCB-A6A7-654B5FFFDC0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A6C7E43D-C935-4422-9B36-56B5D026FBD9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{A97BE2A7-38D1-46CC-9E07-ACE84707DA5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AFD22C1A-2A1B-4D8D-9EA1-55F9010FE795}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{B1544BE4-9A47-4ED1-8F1B-C3D51727248B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B2D01AB1-048D-4DC6-B83B-73A798B35C2E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{B3F31C7A-C40D-4191-8CAA-E62F9AE41D04}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{BBB185DC-A630-451F-AD99-29B26AB83A8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BE59D9C6-E199-4477-8352-5A1856B4BA54}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{C326CE1E-649B-4276-9065-8C466D60971E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{C65E0098-DB17-47D5-9103-48615975423D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{D62E1520-512E-4016-A88F-950758567E77}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{D8EF89AF-B499-4D85-ABB7-456530ED1664}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
    "{DDE98B22-22EC-4616-8F84-8629266BE900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E64FF3DB-D719-499C-B266-EE959C3FFA31}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E8FE37C9-2B68-416E-90D2-9AAB946B7C4F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{F1EEEA2C-E3FD-4942-915B-6C4CE5AC5320}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{F338C1F9-093C-47CF-B188-028BB884F00C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{F5AAA697-73F9-4967-89D8-1110A24059AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F8D673CD-8220-448F-A1DC-D514A5DD2DAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{01EA797B-B3A8-4744-A175-638DE0393CBF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{036E028B-F1C4-4D28-8599-29A6C02C0B06}C:\users\nick\desktop\ds\desmume-0.9.2-win32\desmume_sse2.exe" = protocol=6 | dir=in | app=c:\users\nick\desktop\ds\desmume-0.9.2-win32\desmume_sse2.exe |
    "TCP Query User{1FA5AD89-6369-446E-93EA-3447747F2D7A}C:\users\nick\desktop\ds\desmume-0.9.2-win32\desmume_sse2.exe" = protocol=6 | dir=in | app=c:\users\nick\desktop\ds\desmume-0.9.2-win32\desmume_sse2.exe |
    "TCP Query User{20276865-9BBA-4273-98F5-5DDE4F17DD98}C:\program files\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dcplusplus.exe |
    "TCP Query User{296B9551-A1D2-413F-889A-2147C6F32433}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
    "TCP Query User{3D273CF5-DD6E-4D7C-A63D-A46E92994282}C:\users\nick\desktop\dcplusplus.exe" = protocol=6 | dir=in | app=c:\users\nick\desktop\dcplusplus.exe |
    "TCP Query User{5B1EAD14-3E5E-4DEF-BC72-2A31CF09B0F3}C:\users\nick\desktop\dcplusplus.exe" = protocol=6 | dir=in | app=c:\users\nick\desktop\dcplusplus.exe |
    "TCP Query User{DA449366-DA16-4CFC-A7E6-4F768224D2F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{F9C255B1-9599-4A1B-9102-4754E342DDB2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{3AC7B198-A3B5-4FC1-BA13-9F76711DDC3D}C:\program files\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dcplusplus.exe |
    "UDP Query User{42C5BE2F-37F7-41FE-8C0B-393CADA8E701}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{7F769D1A-C86F-4D69-95FB-DE84C2C88435}C:\users\nick\desktop\dcplusplus.exe" = protocol=17 | dir=in | app=c:\users\nick\desktop\dcplusplus.exe |
    "UDP Query User{944890A9-516D-4882-B0BC-5201B908E50F}C:\users\nick\desktop\ds\desmume-0.9.2-win32\desmume_sse2.exe" = protocol=17 | dir=in | app=c:\users\nick\desktop\ds\desmume-0.9.2-win32\desmume_sse2.exe |
    "UDP Query User{958CCB7E-3D74-40E5-B8CE-40272BEE09C9}C:\users\nick\desktop\ds\desmume-0.9.2-win32\desmume_sse2.exe" = protocol=17 | dir=in | app=c:\users\nick\desktop\ds\desmume-0.9.2-win32\desmume_sse2.exe |
    "UDP Query User{B252FDAD-A441-42E0-AD46-952CF91C718F}C:\users\nick\desktop\dcplusplus.exe" = protocol=17 | dir=in | app=c:\users\nick\desktop\dcplusplus.exe |
    "UDP Query User{C1179FD7-C266-400B-9D84-B5EE6759658A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{F0930F4B-E64B-42F0-9343-68532C293FA1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{FF5F6012-A205-41B1-A0A0-00BB51AEEA36}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
    "{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
    "{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1CE975D2-718E-465d-BBCB-8655F097C120}" = SF_CDD_Software
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
    "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
    "{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX7400 Series Scanner Driver Update
    "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4909D8D2-DD24-4B8A-9F30-5A24732E1FDD}" = Quake Live Internet Explorer Plugin
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
    "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{596A8F65-C705-4e68-B85E-CE0B45490712}" = HP Photosmart Appliance Printer Driver Software 8.0.D
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6AC4E434-8126-4840-BBD3-6B1EB78BBFF5}" = Solstice
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB75312A-5C5A-485D-930A-8B5CF77824E6}" = Initio USB Default Controller Driver 32-bit
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D0E604A0-5C90-4212-88B5-2AFCFF134FB5}" = MSN Toolbar
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "7-Zip" = 7-Zip 4.65
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "avast" = avast! Free Antivirus
    "Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "LogonStudio Vista" = LogonStudio Vista
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Silent Package Run-Time Sample" = EPSON CX7400 User's Guide
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
    "SMSERIAL" = Motorola SM56 Data Fax Modem
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TomTom HOME" = TomTom HOME 2.7.6.2056
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VideoLAN VLC media player 0.8.6h
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3323131343-1183404410-2123129801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/21/2010 2:12:15 PM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 7/21/2010 3:55:44 PM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 7/21/2010 4:12:15 PM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 7/25/2010 2:46:51 PM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 7/25/2010 3:12:05 PM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 7/28/2010 12:30:35 AM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 7/29/2010 4:12:01 PM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 7/31/2010 9:36:26 AM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 8/2/2010 2:03:46 AM | Computer Name = Nick-PC | Source = Google Update | ID = 20
    Description =

    Error - 8/6/2010 2:49:24 PM | Computer Name = Nick-PC | Source = Windows Search Service | ID = 3013
    Description =

    [ Media Center Events ]
    Error - 11/6/2008 8:45:22 PM | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/2/2009 8:23:25 PM | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 10/11/2009 10:13:41 PM | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 7/19/2010 11:14:07 PM | Computer Name = Nick-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    [ System Events ]
    Error - 3/18/2011 11:04:54 PM | Computer Name = Nick-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/18/2011 11:05:01 PM | Computer Name = Nick-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/18/2011 11:05:02 PM | Computer Name = Nick-PC | Source = DCOM | ID = 10005
    Description =

    Error - 3/18/2011 11:05:34 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 3/18/2011 11:05:34 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/18/2011 11:05:41 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 3/18/2011 11:05:41 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 3/18/2011 11:05:41 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 3/18/2011 11:06:46 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 3/18/2011 11:06:46 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7031
    Description =


    < End of report >
     
