1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Everytime I open a folder(e.g. My Computer, My Documents) Explorer.exe crashe

Discussion in 'Virus & Other Malware Removal' started by white_knight2990, Jan 27, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. white_knight2990

    white_knight2990 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    20
    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) M processor 2.00GHz, x86 Family 6 Model 13 Stepping 6
    Processor Count: 1
    RAM: 1014 Mb
    Graphics Card: Intel(R) 82852/82855 GM/GME Graphics Controller, 1 Mb
    Hard Drives: C: Total - 71694 MB, Free - 2229 MB;
    Motherboard: IBM, 2887W57, Not Available, VJ0NX5BA2KV
    Antivirus: Symantec AntiVirus Corporate Edition, Updated: Yes, On-Demand Scanner: Enabled

    Hey, I noticed this was posted a few times, but I had attempted the solutions there and didn't seem to work. Every time I open a folder, any folder, explorer.exe either freezes or crashes. I tried being patient to see if it was just running incredibly slow, to no avail. Please help! I have included the log file of my processes running below;

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:26:30 AM, on 27/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0250Mon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\DOCUME~1\KB\LOCALS~1\Temp\HouseCall\housecall.bin
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\KB\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16796S&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [jyeyjumy] C:\Documents and Settings\KB\Local Settings\Application Data\vrsuxwhnx\ygnohdrtssd.exe
    O4 - HKCU\..\Run: [asam] C:\WINDOWS\asam.exe
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.howtoiexplorer.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.howtoiexplorer.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\KB\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 18346 bytes

    I also included an uninstall list below as well;

    µTorrent
    Access IBM
    Access IBM Message Center
    Ad-Aware SE Personal
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11.5
    Advanced Video FX Engine
    Advanced Video FX Utility
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AudibleManager
    Auslogics Disk Defrag
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Compatibility Pack for the 2007 Office system
    Creative Live! Cam Center
    Creative Live! Cam Doodling
    Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
    Creative Live! Cam Notebook Pro User's Guide (English)
    Creative MediaSource 5
    Creative Photo Calendar
    Creative Photo Manager
    Creative Removable Disk Manager
    Creative Software AutoUpdate
    Creative System Information
    Creative WebCam Center
    DivX Codec
    Google Update Helper
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IBM 32-bit Runtime Environment for Java 2, v1.4.1
    IBM Active Protection System
    IBM DLA
    IBM Themes
    IBM ThinkPad Battery MaxiMiser and Power Management Features
    IBM ThinkPad Configuration
    IBM ThinkPad EasyEject Utility
    IBM ThinkPad Presentation Director
    IBM ThinkPad UltraNav Driver
    IBM ThinkPad UltraNav Wizard
    IBM ThinkVantage Technologies Welcome Message
    IBM TrackPoint Accessibility Features
    IEBrowse Tool
    IExplorer Bar
    igLoader 2,0,0,2
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD
    InterVideo WinDVD Creator
    iTunes
    Java(TM) 6 Update 17
    Junk Mail filter update
    Kodak EasyShare software
    LAME v3.98.3 for Audacity
    Lexmark 3300 Series
    Lexmark Fax Solutions
    LiveUpdate 2.6 (Symantec Corporation)
    McAfee Security Scan Plus
    mCore
    mDriver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Choice Guard
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    mMHouse
    Mozilla Firefox (3.6.13)
    mPfMgr
    mProSafe
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    mWlsSafe
    mXML
    Norton WMI Update
    PC Matic 1.0.0.16
    PDC2030
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Rescue and Recovery - Client Security Solution
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype™ 3.2
    Sonic RecordNow!
    Sonic Update Manager
    SoundMAX
    Symantec AntiVirus
    System Update
    ThinkPad FullScreen Magnifier
    ThinkPad Integrated 56K Modem
    ThinkPad Keyboard Customizer Utility
    ThinkPad Power Management Driver
    ThinkPad Software Installer
    ThinkVantage Access Connections
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    VC80CRTRedist - 8.0.50727.4053
    Wallpapers
    Warning Center
    Windows Defender
    Windows Defender Signatures
    Windows Imaging Component
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Video 9 Advanced Profile Codec
    Windows Safety Alert
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    Xvid 1.1.2 final uninstall
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update

    Please help if you can, also let me know if you need anymore information. Thanks!
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    First of all, your computer is infected. Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. You should get an answer within the next 48 hours. Those guys are really busy!

    Next,

    You have Norton and McAfee on the same computer. Never install more than one antivirus.

    To remove McAfee, first uninstall it from "Add or remove programs". Next, run the McAfee Consumer Product Removal Tool.

    If you decide to remove Norton, run the Norton Removal Tool.


    You also have leftovers from a bad PC Tools uninstall:

    Click Start > Run > type CMD

    In the command prompt, type:

    sc delete sdAuxService

    Press Enter.

    sc delete sdCoreService

    Press Enter.

    ===================================================================

    You have a severely bloated Startup directory. If you wish, we can trim it down once you're all clear of malware.
     
  3. white_knight2990

    white_knight2990 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    20
    Thanks Phantom010, I've moved my request over. I had run several virus scans and it kept coming back as being clean, so I was unaware that I was, indeed, infected with something. Thanks for letting me know and for the help. :)
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    You're welcome!
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    Hiya

    P2P Warning!

    • IMPORTANT I notice there are signs of a P2P (Person to Person) File Sharing Program on your computer.

      µTorrent


      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      Please read these short reports on the dangers of peer-2-peer programs and file sharing.

      I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

      If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

    ===========

    Now, onto the malware :)

    After doing the above that Phantom has posted, can you do this:

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Please include the MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

    eddie
     
  6. white_knight2990

    white_knight2990 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    20
    Hey, sorry for the delayed response, it's my girlfriends computer that I am working on. I have done the above mentioned and the problem's still there, in fact, it has gotten worse. Now, iexplorer.exe keeps opening on it's own, usually 2-4 of them at a time. Below are my mbam, superspyware and hijackthis logs.

    MBAM

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5643

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    03/02/2011 10:07:37 AM
    mbam-log-2011-02-03 (10-07-37).txt

    Scan type: Quick scan
    Objects scanned: 216976
    Time elapsed: 14 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QbyEjDmJqwk.exe (Trojan.Agent) -> Value: QbyEjDmJqwk.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\qbyejdmjqwk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\bqfgxvgikap.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\KB\local settings\Temp\tmpD0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\KB\local settings\Temp\0.47283987619367895.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\KB\local settings\Temp\jar_cache6205581073301631905.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

    SuperAntiSpyware


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/03/2011 at 11:29 AM

    Application Version : 4.48.1000

    Core Rules Database Version : 6333
    Trace Rules Database Version: 4145

    Scan type : Quick Scan
    Total Scan Time : 01:00:09

    Memory items scanned : 671
    Memory threats detected : 0
    Registry items scanned : 2371
    Registry threats detected : 20
    File items scanned : 24962
    File threats detected : 721

    Trojan.FakeAlert-IEBT
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}
    HKCR\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}
    HKCR\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}#www
    HKCR\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}\InprocServer32
    HKCR\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}\InprocServer32#ThreadingModel
    C:\PROGRAM FILES\APPLICATIONS\IEBT.DLL
    HKU\S-1-5-21-3768197577-3737562712-2379885825-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}
    HKU\S-1-5-21-3768197577-3737562712-2379885825-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{144A6B24-0EBC-4D89-BF09-A06A718E57B5}
    HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}
    HKCR\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}

    Adware.Tracking Cookie
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][3].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][3].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][3].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][3].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][3].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][2].txt
    C:\Documents and Settings\KB\Cookies\[email protected][1].txt
    .doubleclick.net [ C:\Documents and Settings\Administrator.AGREENHILL\Application Data\Mozilla\Firefox\Profiles\r52di1ce.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL\Application Data\Mozilla\Firefox\Profiles\r52di1ce.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL\Application Data\Mozilla\Firefox\Profiles\r52di1ce.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL\Application Data\Mozilla\Firefox\Profiles\r52di1ce.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Administrator.AGREENHILL.000\Application Data\Mozilla\Firefox\Profiles\z7kd8ynd.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Administrator.AGREENHILL.000\Application Data\Mozilla\Firefox\Profiles\z7kd8ynd.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Administrator.AGREENHILL.000\Application Data\Mozilla\Firefox\Profiles\z7kd8ynd.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Administrator.AGREENHILL.000\Application Data\Mozilla\Firefox\Profiles\z7kd8ynd.default\cookies.sqlite ]
    .bellcan.adbureau.net [ C:\Documents and Settings\Administrator.AGREENHILL.000\Application Data\Mozilla\Firefox\Profiles\z7kd8ynd.default\cookies.sqlite ]
    .doubleclick.net [ C:\Documents and Settings\Administrator.AGREENHILL.000\Application Data\Mozilla\Firefox\Profiles\z7kd8ynd.default\cookies.sqlite ]
    C:\Documents and Settings\Administrator.AGREENHILL.000\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator.AGREENHILL.000\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator.AGREENHILL.000\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator.AGREENHILL.000\Cookies\[email protected][1].txt
    C:\Documents and Settings\Administrator.AGREENHILL.000\Cookies\[email protected][1].txt
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .content.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .content.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .apmebf.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .doubleclick.net [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Administrator.AGREENHILL.001\Application Data\Mozilla\Firefox\Profiles\uzp0hn5o.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .doubleclick.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ads.networldmedia.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ads.networldmedia.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .videoegg.adbureau.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .bellcan.adbureau.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .game-advertising-online.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .hitbox.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .ehg-lgusa.hitbox.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .lgelectronics.122.2o7.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .sympatico.112.2o7.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .yieldmanager.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .apmebf.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .adinterax.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .adinterax.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .content.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .msnportal.112.2o7.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .adxpose.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .popcapgames.122.2o7.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .r1-ads.ace.advertising.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .content.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .adcentriconline.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .insightexpressai.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    pixel.invitemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .bs.serving-sys.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Administrator.AGREENHILL.002\Application Data\Mozilla\Firefox\Profiles\yyuqy3x7.default\cookies.sqlite ]
    vitamine.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Macromedia\Flash Player\#SharedObjects\DGRKUX7D ]
    .bellcan.adbureau.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .canadapost.112.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .sympatico.112.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .doubleclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .eharmony.112.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .videoegg.adbureau.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ads.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ads.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .vitamine.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .msnportal.112.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .tacoda.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .adcentriconline.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .bs.serving-sys.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .apmebf.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .yieldmanager.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .e-2dj6wfmyugcpshp.stats.esomniture.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .e-2dj6wjny-1jczge.stats.esomniture.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .imrworldwide.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .bellcan.adbureau.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .classmates.112.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .uol.realmedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .247realmedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .vitamine.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    vitamine.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    vitamine.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .vitamine.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .dmtracker.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .bellcan.adbureau.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .bluestreak.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .interclick.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .burstnet.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .s.clickability.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .s.clickability.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .tripod.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .tripod.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ads.networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    rotator.adjuggler.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    rotator.adjuggler.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .chitika.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .adecn.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .zedo.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .intermundomedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    statse.webtrendslive.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .msnaccountservices.112.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .bellcan.adbureau.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .bellcan.adbureau.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    cdn4.specificclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .overture.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .overture.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .clickability.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .clickability.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ihg.db.advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .questionmarket.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .find.mapmuse.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .find.mapmuse.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .torstardigital.122.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    citi.bridgetrack.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .specificclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .specificmedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .airmilesrewardprogram.112.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .xiti.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .www.livingthequestions.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .livingthequestions.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .livingthequestions.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    www.livingthequestions.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    rbc.bridgetrack.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    gotacha.rotator.hadj7.adjuggler.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .questionmarket.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .canoe.112.2o7.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    rbc.bridgetrack.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    stats.gtxp.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .networldmedia.net [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .dealtime.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    stat.dealtime.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    user.lucidmedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .tacoda.at.atwola.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .at.atwola.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .r1-ads.ace.advertising.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    .findugliest.org [ C:\Documents and Settings\Audrey\Application Data\Mozilla\Firefox\Profiles\yu8hf3su.default\cookies.sqlite ]
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][3].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][5].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][3].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][4].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][3].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][4].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][3].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][4].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][3].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][3].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][4].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][3].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][3].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][8].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][6].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][5].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][4].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected]ator.adjuggler[1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][1].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    C:\Documents and Settings\Audrey\Cookies\[email protected][2].txt
    ad.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .apmebf.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .mediaplex.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .kontera.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .microsoftsto.112.2o7.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .content.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    tracking.servedbyy.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    www.dealfind.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .doubleclick.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adinterax.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adinterax.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .r1-ads.ace.advertising.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .lfstmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .bellcan.adbureau.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .msnportal.112.2o7.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .advertising.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .yieldmanager.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .www.burstnet.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .burstnet.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .burstnet.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    www.burstbeacon.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .burstbeacon.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .statcounter.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adxpose.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .chitika.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adserver.adtechus.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .solvemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .solvemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .lucidmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .tribalfusion.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .intermundomedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .intermundomedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .intermundomedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adultfriendfinder.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    rts.pgmediaserve.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    rts.pgmediaserve.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    rts.pgmediaserve.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .partypoker.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .partypoker.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .partypoker.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .partypoker.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .partypoker.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .partypoker.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adxpansion.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .bs.serving-sys.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .serving-sys.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .popcapgames.122.2o7.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .pornhost.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .pornhost.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adbrite.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ero-advertising.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .mediabrandsww.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ru4.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adecn.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .invitemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .revsci.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .media6degrees.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .adcentriconline.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .collective-media.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    www.googleadservices.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .legolas-media.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .legolas-media.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .legolas-media.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .247realmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .247realmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .realmedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .trafficmp.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .fastclick.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .liveperson.net [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .casalemedia.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .ads.pointroll.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .atdmt.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]
    .content.yieldmanager.com [ C:\Documents and Settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\cookies.sqlite ]

    Adware.MyWebSearch/FunWebProducts
    HKU\S-1-5-21-3768197577-3737562712-2379885825-1009\SOFTWARE\FunWebProducts
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
    HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
    HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
    HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
    HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version

    Adware.Media-Codec/ZLob
    C:\Program Files\Applications

    Trojan.Agent/Gen-FakeSoft[Gen]
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UO7XNZGKILOHS.EXE

    Hijackthis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:05:20 PM, on 03/02/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\V0250Mon.exe
    C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\KB\My Documents\Downloads\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=16796S&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]
    O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\KB\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 17251 bytes
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    That's okay, anytime is fine :)

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any
    "<--- ROOKIT" entries unless advised!

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.

    -------------

    Afterwards, can you also run this program:


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt and GMER.txt in your next reply.

    eddie
     
  8. white_knight2990

    white_knight2990 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    20
    Hi, I can't seem to be able to fully scan with GMER. It goes for about 30-45 minutes of scanning and than crashes to a blue screen. I've disabled all the programs I'm running that were included in the list, as well as disabled my screen saver and power save options to ensure continuous running. Do you have any other suggestions?
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    Okay, for the moment leave GMER, and just run the ComboFix as above :)

    We can try something else later instead of GMER ;)
     
  10. white_knight2990

    white_knight2990 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    20
    Finished ComboFix and I think I may have found out why GMER wasn't working, so I'm going to try running it again.

    ComboFix 11-02-14.02 - KB 15/02/2011 12:50:54.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.312 [GMT -6:00]
    Running from: c:\documents and settings\KB\Desktop\User123.exe.exe
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe

    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
    .

    2011-02-13 15:39 . 2011-02-13 15:39 5427 ----a-w- c:\windows\EGATHDRV.TMP
    2011-02-05 23:50 . 2011-02-05 23:50 -------- d-----w- c:\documents and settings\Audrey\Application Data\IBM
    2011-02-03 05:12 . 2011-02-03 05:23 -------- d-----w- C:\test
    2011-02-02 01:55 . 2011-02-02 01:55 -------- d-----w- c:\documents and settings\KB\Application Data\SUPERAntiSpyware.com
    2011-02-02 01:55 . 2011-02-02 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-02-02 01:55 . 2011-02-02 01:56 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-31 02:07 . 2011-01-31 02:07 -------- d-----w- c:\documents and settings\KB\Application Data\Malwarebytes
    2011-01-31 02:06 . 2011-01-31 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-31 02:06 . 2010-12-21 00:09 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-31 02:06 . 2010-12-21 00:08 20952 ------w- c:\windows\system32\drivers\mbam.sys
    2011-01-31 02:06 . 2011-01-31 02:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-25 21:27 . 2001-08-17 18:49 75136 ------w- c:\windows\system32\dllcache\atimpae.sys
    2011-01-25 21:26 . 2001-08-17 18:11 46112 ------w- c:\windows\system32\dllcache\adptsf50.sys
    2011-01-25 20:08 . 2011-01-25 20:08 -------- d-----w- C:\Intel
    2011-01-25 16:37 . 2011-01-25 16:37 -------- d-----w- c:\documents and settings\Administrator.AGREENHILL.002\Local Settings\Application Data\Adobe
    2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-13 15:39 . 2004-03-19 19:03 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2011-01-21 14:44 . 1980-01-01 07:00 439296 ------w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 1980-01-01 07:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 1980-01-01 07:00 1854976 ------w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 1980-01-01 07:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 1980-01-01 07:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 1980-01-01 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 1980-01-01 07:00 730112 ------w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2005-12-10 20:18 385024 ------w- c:\windows\system32\html.iec
    2010-12-09 14:30 . 1980-01-01 07:00 33280 ------w- c:\windows\system32\csrsrv.dll
    2010-11-18 18:12 . 2003-02-21 16:26 81920 ------w- c:\windows\system32\isign32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
    "MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 442368]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 512000]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
    "TpShocks"="TpShocks.exe" [2004-03-27 102400]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
    "TP4EX"="tp4ex.exe" [2002-09-04 53248]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-07-22 442368]
    "SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-06 218240]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
    "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
    "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
    "BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
    "BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
    "LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
    "CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-20 20480]
    "V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-25 274608]
    "Creative Software Update"="c:\program files\Creative\Shared Files\Software Update\AutoUpdate.exe" [2006-02-07 417881]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "configmsi"="rmdir" [X]
    "supportdir"="rmdir" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-10 24576]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 04:45 28672 ------w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-01 01:16 24576 ------w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2005-01-20 02:19 299008 ------w- c:\program files\Lexmark Fax Solutions\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
    2005-02-21 11:21 192512 ------w- c:\program files\Lexmark 3300 Series\lxccmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 03:16 421888 ------w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
    "%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services

    R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [21/12/2005 3:39 PM 6912]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [17/04/2010 2:29 PM 207280]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 12:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 12:41 PM 67656]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [10/12/2005 2:55 PM 16384]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15/11/2005 12:11 PM 46142]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [21/12/2005 3:45 PM 3968]
    R3 EraserUtilDrvI10;EraserUtilDrvI10;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilDrvI10.sys [12/02/2011 12:54 AM 102448]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [17/04/2010 2:31 PM 112592]
    S2 Ca50xav;PDC 2030 Video Device;c:\windows\system32\drivers\ca50xav.sys [31/05/2006 9:40 PM 515803]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/12/2010 6:11 PM 136176]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [19/02/2010 5:54 PM 42752]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17/04/2005 11:30 AM 124608]
    S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [23/12/2010 4:58 PM 185504]
    S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [23/12/2010 4:58 PM 6272]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [08/05/2010 10:01 AM 90296]
    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [03/04/2006 5:12 PM 14032]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2006-05-30 c:\windows\Tasks\BMMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-12-10 06:38]

    2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 00:11]

    2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 00:11]

    2011-02-14 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 23:12]

    2011-02-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3768197577-3737562712-2379885825-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

    2011-02-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3768197577-3737562712-2379885825-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

    2011-02-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3768197577-3737562712-2379885825-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

    2011-02-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3768197577-3737562712-2379885825-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

    2011-02-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3768197577-3737562712-2379885825-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

    2011-02-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3768197577-3737562712-2379885825-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

    2006-05-30 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-12-10 22:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=16796S&l=dis
    mStart Page = hxxp://ca.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\KB\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk
    LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    FF - ProfilePath - c:\documents and settings\KB\Application Data\Mozilla\Firefox\Profiles\5n39fbhe.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://ca.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - www.yahoo.ca/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Notify-ACNotify - ACNotify.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-15 13:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(940)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\windows\system32\tphklock.dll

    - - - - - - - > 'lsass.exe'(996)
    c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

    - - - - - - - > 'explorer.exe'(2152)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\PENUSA.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\docume~1\KB\LOCALS~1\Temp\catchme.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\windows\system32\drivers\dcfssvc.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\program files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    c:\windows\system32\TpShocks.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-15 13:26:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-15 19:26

    Pre-Run: 2,587,258,880 bytes free
    Post-Run: 2,638,045,184 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect

    - - End Of File - - DA0B8F2810842DE6F986CBDC8C94F1C9
     
  11. white_knight2990

    white_knight2990 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    20
    Okay, so I attempted GMER again, but it had crashed my computer again. So, above is my ComboFix log. I still cannot open my computer or any type of folder. Anymore suggestions?
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    Okay, leave GMER for now, and lets do this:

    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
      • c:\StubInstaller.exe
    • Click on the Upload button
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.


    ----------------------


    Then, can you do this:


    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    eddie
     

    Attached Files:

  13. white_knight2990

    white_knight2990 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    20
    Hey, I'm still relatively new to all this. I've attempted running combofix several times, once for over an hour. I've watched it run through completely once and now it seems to be freezing up right after it creates a backup. I haven't been running this in safe mode, should I attempt that?
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,718
    If its still causing problems, we can do it a manual way, where it doesn't use much memory :)

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

    eddie
     
  15. white_knight2990

    white_knight2990 Thread Starter

    Joined:
    Jan 27, 2011
    Messages:
    20
    OTL Extras logfile created on: 25/02/2011 12:47:10 PM - Run 1
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\KB\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1,014.00 Mb Total Physical Memory | 338.00 Mb Available Physical Memory | 33.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.01 Gb Total Space | 2.23 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
    Drive R: | 99.72 Mb Total Space | 99.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

    Computer Name: AGREENHILL | User Name: KB | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe" = %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher
    "%ProgramFiles%\IBM\Updater\jre\bin\java.exe" = %ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher
    "C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher
    "C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher
    "C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:UC Tray Icon
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe" = %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher
    "%ProgramFiles%\IBM\Updater\jre\bin\java.exe" = %ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher
    "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- ()
    "C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing -- (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
    "{11DB853A-6966-4724-BEAD-793C48AC8C54}" = Kodak EasyShare software
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
    "{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype&#8482; 3.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
    "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
    "{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
    "{868C40D3-49C9-46FC-A143-5775826D3115}" = PDC2030
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
    "{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Advanced Video FX Utility" = Advanced Video FX Utility
    "Audacity_is1" = Audacity 1.2.6
    "AudibleManager" = AudibleManager
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
    "Creative Live! Cam Center" = Creative Live! Cam Center
    "Creative Live! Cam Doodling" = Creative Live! Cam Doodling
    "Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
    "Creative Photo Calendar" = Creative Photo Calendar
    "Creative Photo Manager" = Creative Photo Manager
    "Creative Removable Disk Manager" = Creative Removable Disk Manager
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
    "Creative WebCam Center" = Creative WebCam Center
    "CSCLIB" = Canon Camera Support Core Library
    "EasyEject Utility" = IBM ThinkPad EasyEject Utility
    "EOS Utility" = Canon Utilities EOS Utility
    "ie8" = Windows Internet Explorer 8
    "igLoader_is1" = igLoader 2,0,0,2
    "InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Lexmark 3300 Series" = Lexmark 3300 Series
    "Lexmark Fax Solutions" = Lexmark Fax Solutions
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "PC Matic_is1" = PC Matic 1.0.0.16
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
    "Power Management Driver" = ThinkPad Power Management Driver
    "Presentation Director" = IBM ThinkPad Presentation Director
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
    "SysInfo" = Creative System Information
    "ThinkPad Configuration" = IBM ThinkPad Configuration
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = ThinkPad Software Installer
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
    "Xvid_is1" = Xvid 1.1.2 final uninstall
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 18/02/2011 1:05:40 PM | Computer Name = AGREENHILL | Source = Windows Live Messenger | ID = 1000
    Description =

    Error - 18/02/2011 4:23:57 PM | Computer Name = AGREENHILL | Source = Windows Live Messenger | ID = 1000
    Description =

    Error - 18/02/2011 4:38:22 PM | Computer Name = AGREENHILL | Source = Windows Live Messenger | ID = 1000
    Description =

    Error - 19/02/2011 12:42:22 PM | Computer Name = AGREENHILL | Source = Windows Live Messenger | ID = 1000
    Description =

    Error - 20/02/2011 5:10:38 PM | Computer Name = AGREENHILL | Source = Windows Live Messenger | ID = 1000
    Description =

    Error - 21/02/2011 3:54:28 AM | Computer Name = AGREENHILL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 21/02/2011 3:54:28 AM | Computer Name = AGREENHILL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10064

    Error - 21/02/2011 3:54:28 AM | Computer Name = AGREENHILL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10064

    Error - 21/02/2011 3:45:57 PM | Computer Name = AGREENHILL | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 24/02/2011 4:25:42 PM | Computer Name = AGREENHILL | Source = Microsoft Office 11 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Office Word.

    [ System Events ]
    Error - 25/02/2011 2:44:39 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:44:43 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:50:52 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:50:55 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:50:59 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:51:02 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:51:05 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:51:08 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:51:12 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 25/02/2011 2:51:15 PM | Computer Name = AGREENHILL | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.


    < End of report >
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/977313

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice