1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Strange Behavior -Hard Drive Suddenly Full

Discussion in 'Virus & Other Malware Removal' started by durgon, Dec 13, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. durgon

    durgon Thread Starter

    Joined:
    Feb 8, 2009
    Messages:
    23
    I have a Dell Dimension 8300 running Windows XP SP2. I went to defrag the hard drive and discovered that it was too full to proceed. I then moved off a large amount of files to the second internal hard drive, ran CCleaner and freed up abou 28GB of space. I also used Advanced System Care 5 to clean things up. Then, suddenly, I boot up and get the Low Disk Space warning and my computer shows that I have 0GB available. Disk Cleanup found some extraneous files I could delete and CCleaner found some more. After this, I checked my disk space and it then had 20GB free. Out of curiosity, I refreshed and kept checking the disk space and it went down each time I checked it until it was at 0 again. I did not do anything else on the computer except refreshing windows.

    I tried using TreeSize Free to determine where the space is being used up but got the error "...is not a valid Win32 application." I tried running it in Safe Mode and it gave the same error. I also tried to run Trendmicro's HouseCall online scanner and it gave the same error as TreeSize.

    MalawareBytes found no problems. Kapersky Internet Security found 4 infected files during all of this and they were deleted. They resided in my archives on an external disc and originated in the Temp folder which has since been emptied.

    1) 12/12/2011 8:06:09 PM Kaspersky Internet Security Protection Center Detected: HEUR:Trojan.Script.Iframer g:\c_f_drive_backups\c_f_drives (42).gbp/MF/C/Documents and Settings/Claire and Austin/Local Settings/Temp/63CC7ICL.htm

    2) 12/12/2011 8:06:09 PM Kaspersky Internet Security Protection Center Detected: HEUR:Trojan.Script.Iframer g:\c_f_drive_backups\c_f_drives (43).gbp/MF/C/Documents and Settings/Claire and Austin/Local Settings/Temp/63CC7ICL.htm

    3) 12/12/2011 8:06:10 PM Kaspersky Internet Security Protection Center Detected: HEUR:Trojan.Script.Iframer g:\c_f_drive_backups\c_f_drives (43).gbp/MF/C/Documents and Settings/Claire and Austin/Local Settings/Temp/EBKCNVDD.htm

    4) 12/12/2011 8:11:31 PM Kaspersky Internet Security Protection Center Detected: HEUR:Trojan.Script.Iframer g:\c_f_drive_backups\c_f_drives (42).gbp/MF/C/Documents and Settings/Claire and Austin/Local Settings/Temp/EBKCNVDD.htm

    Below is the TSG info:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 2, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 2 Stepping 9
    Processor Count: 2
    RAM: 2046 Mb
    Graphics Card: NVIDIA GeForce FX 5200, 128 Mb
    Hard Drives: C: Total - 76245 MB, Free - 14 MB; F: Total - 76285 MB, Free - 22603 MB; G: Total - 610477 MB, Free - 390803 MB;
    Motherboard: Dell Computer Corp., 0M2035
    Antivirus: Kaspersky Internet Security, Updated: Yes, On-Demand Scanner: Enabled

    Below is my HJT Log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:25:01 AM, on 12/13/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\java.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Anne Genova\Desktop\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RetailMeNot BHO - {4F6AA3AB-A613-4736-A609-12B27F676631} - C:\Documents and Settings\Anne Genova\Application Data\RetailMeNot Add-on\RetailMeNot.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RetailMeNot Toolbar - {D207474F-6F4D-4e1e-81DC-9D2AA28A03CB} - C:\Documents and Settings\Anne Genova\Application Data\RetailMeNot Add-on\RetailMeNot.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    O4 - HKCU\..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://msbcam.bact.wisc.edu/activex/AxisCamControl.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.ritzpix.com/net/Uploader/ImageUploader3.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.com/upload/FujifilmUploadClient.cab
    O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader41.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6001/mcfscan.cab
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    --
    End of file - 14907 bytes


    Below is the DDS log.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
    Run by Anne Genova at 11:30:11 on 2011-12-13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1251 [GMT -5:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\java.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: &RetailMeNot BHO: {4f6aa3ab-a613-4736-a609-12b27f676631} - c:\documents and settings\anne genova\application data\retailmenot add-on\RetailMeNot.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &RetailMeNot Toolbar: {d207474f-6f4d-4e1e-81dc-9d2aa28a03cb} - c:\documents and settings\anne genova\application data\retailmenot add-on\RetailMeNot.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [LxrAutorun] c:\documents and settings\anne genova\local settings\application data\lexar media\LxrAutorun.exe
    uRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe
    uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    mRun: [DVDSentry] c:\windows\system32\DSentry.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logoca~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\profil~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\ProfileReminder.exe
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    Trusted Zone: earthlink.net\webmail.atl
    Trusted Zone: google.com\maps
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://msbcam.bact.wisc.edu/activex/AxisCamControl.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.ritzpix.com/net/Uploader/ImageUploader3.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/SassCln.CAB
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.ritzpix.com/upload/FujifilmUploadClient.cab
    DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://www.ritzpix.com/net/Uploader/LPUploader41.cab
    DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6001/mcfscan.cab
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{35929760-7364-482A-A435-D5B3BCA4DA6C} : DhcpNameServer = 68.87.68.166 68.87.74.166
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-6-21 475736]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-7 490840]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-5-6 72672]
    R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2007-11-14 14416]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
    S2 DPPSUSB;DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver;c:\windows\system32\drivers\DPPSUSB.sys [2004-1-31 15872]
    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-5-27 18560]
    S3 i1;i1 Pro;c:\windows\system32\drivers\i1.sys [2007-11-14 26045]
    S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2010-6-15 19024]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-12-06 00:46:35 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 11:32:06.92 ===============

    Attached is the Attach.txt


    MANY, MANY Thanks in advance for all that you do to help those of us who can't quite help ourselves :)

    Anne
     

    Attached Files:

  2. durgon

    durgon Thread Starter

    Joined:
    Feb 8, 2009
    Messages:
    23
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,226
    Hiya

    Sorry for the delay, these forums are quite busy.

    Okay, firstly can you go to AddRemove Programs via the Control Panel and uninstall this:

    Advanced SystemCare 5

    Then, can you do the following:

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    ---------------------------------

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


    ==================

    eddie
     
  4. durgon

    durgon Thread Starter

    Joined:
    Feb 8, 2009
    Messages:
    23
    Eddie-

    Thanks so much for taking on my problem! Below is the log file for the SUPERantispyware scan.


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/22/2011 at 07:56 PM

    Application Version : 5.0.1142

    Core Rules Database Version : 8084
    Trace Rules Database Version: 5896

    Scan type : Complete Scan
    Total Scan Time : 02:06:22

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
    Administrator

    Memory items scanned : 595
    Memory threats detected : 0
    Registry items scanned : 37935
    Registry threats detected : 0
    File items scanned : 149748
    File threats detected : 485

    Adware.Tracking Cookie
    C:\Documents and Settings\Anne Genova\Cookies\[email protected][2].txt [ /accounts.google ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][3].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][3].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][4].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][3].txt [ Cookie:claire and [email protected]/accounts/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]-sys.com/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][3].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/pagead/conversion/1029571030/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][3].txt [ Cookie:claire and

    [email protected]/cgi-bin ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]12.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][3].txt [ Cookie:claire and

    [email protected]/dt_banner/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][1].txt [ Cookie:claire and

    [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\Cookies\[email protected][2].txt [ Cookie:claire and [email protected]/ ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /AD.U2WORLD ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /ADINTERAX ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected]4X.TMCS[1].TXT [ /ADS.AS4X.TMCS ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /ADS.EXPEDIA ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /ADS.QUICKEN ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /ADS.SPECIFICCLICK ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /ADV.SURINTER ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /ADV.WEBMD ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /ATWOLA ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /BIZRATE ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /CLICK.JCREW ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /CLICKABILITY ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /COUNTRYWIDE ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /CREATIVEBY.VIEWPOINT ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /HOST4.E-BUSINESSEXPRESS ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /INDEXTOOLS ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /INSIGHTEXPRESS ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /MACROMEDIA ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /MEDIA.TITLEIST ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /METAREWARD ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /MY.COUNTRYWIDE ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /MYACCOUNT ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /NEXTAG ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /PARTNER2PROFIT ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /TRACK.ROISERVICE ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /WEBFORUMS.MACROMEDIA ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /WINDOWSMEDIA ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /WWW.COUNTRYWIDE ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][1].TXT [ /WWW.VATRADITIONS ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /WWW.VERMONTCOUNTRYSTORE ]
    C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\APPLICATION DATA\EARTHLINK\6.0\[email protected]\COOKIES\ANNE

    [email protected][2].TXT [ /WWW.VIRGINIATRADITIONS ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    a.intentmedia.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .webstat.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .webstat.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .webstat.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .traveladvertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media2.legacy.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .clickfuse.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    a.intentmedia.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    a.intentmedia.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    reztrack.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    reztrack.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    reztrack.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    reztrack.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    reztrack.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    reztrack.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    reztrack.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    reztrack.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .holidayinsights.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    holidayinsights.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    www.holidayinsights.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adxpose.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .kontera.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ANNE GENOVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\APPLICATION DATA\MACROMEDIA\FLASH

    PLAYER\#SHAREDOBJECTS\5H7EAXQV ]
    cdn4.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\APPLICATION DATA\MACROMEDIA\FLASH

    PLAYER\#SHAREDOBJECTS\5H7EAXQV ]
    content.oddcast.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\APPLICATION DATA\MACROMEDIA\FLASH

    PLAYER\#SHAREDOBJECTS\5H7EAXQV ]
    core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\APPLICATION DATA\MACROMEDIA\FLASH

    PLAYER\#SHAREDOBJECTS\5H7EAXQV ]
    memecounter.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\APPLICATION DATA\MACROMEDIA\FLASH

    PLAYER\#SHAREDOBJECTS\5H7EAXQV ]
    speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\APPLICATION DATA\MACROMEDIA\FLASH

    PLAYER\#SHAREDOBJECTS\5H7EAXQV ]
    udn.specificclick.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\APPLICATION DATA\MACROMEDIA\FLASH

    PLAYER\#SHAREDOBJECTS\5H7EAXQV ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /247REALMEDIA ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /2O7 ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /ACCOUNTS.GOOGLE ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /AD.DOUBLECLICK ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /AD.WSOD ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /AD.YIELDMANAGER ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][3].TXT [ /AD.YIELDMANAGER ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /ADBRITE ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /ADS.AD4GAME ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /ADS.CNN ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /ADS.CNN ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /ADS.MYCOUPONS ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /ADS.PUBMATIC ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /ADS.UNDERTONE ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /ADS.WEBKINZ ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /ADS2.THEAWL ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\CLAIRE_AND_AUSTI[email protected][2].TXT [ /ADVERTISING ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /AIM4MEDIA ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /ATDMT ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /BLUESTREAK ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /BURSTNET ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /CDN4.SPECIFICCLICK ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [

    /CONTENT.YIELDMANAGER ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /IMRWORLDWIDE ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /KITARAMEDIA.122.2O7 ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /LEGOLAS-MEDIA ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /LOCKEDONMEDIA ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /MEDIA6DEGREES ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /POINTROLL ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [

    /R1-ADS.ACE.ADVERTISING ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /SPECIFICMEDIA ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /THEFIND ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /TRIBALFUSION ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [ /VIACOM.ADBUREAU ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][1].TXT [

    /WWW5.ADDFREESTATS ]
    C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\COOKIES\[email protected][2].TXT [ /XM.XTENDMEDIA ]
    .knowledgeadventure.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .search.costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    search.costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tracking.dsmmadvantage.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .costumediscounters.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .e-2dj6wjmiuodjsdp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .buycom.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    traffic.buyservices.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .marketlive.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    www.burstbeacon.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .linksynergy.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .linksynergy.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .linksynergy.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .linksynergy.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .converse.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adxpose.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .getclicky.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .akamai.interclickproxy.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .clickfuse.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .clickfuse.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .hammacher.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .specificclick.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .lego.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .cisco.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .viacom.adbureau.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .viacom.adbureau.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .viacom.adbureau.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    track.adform.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    track.adform.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .adform.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .seescandyshops.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION

    DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .accounts.google.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\CLAIRE AND AUSTIN\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER

    DATA\DEFAULT\COOKIES ]


    Here is the OLT file:

    OTL logfile created on: 12/22/2011 10:28:41 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Anne Genova\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.41% Memory free
    3.35 Gb Paging File | 2.74 Gb Available in Paging File | 81.90% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.46 Gb Total Space | 50.03 Gb Free Space | 67.19% Space Free | Partition Type: NTFS
    Drive F: | 74.50 Gb Total Space | 15.95 Gb Free Space | 21.41% Space Free | Partition Type: NTFS
    Drive G: | 596.17 Gb Total Space | 451.17 Gb Free Space | 75.68% Space Free | Partition Type: NTFS

    Computer Name: ANNEG | User Name: Anne Genova | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/22 22:16:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anne Genova\Desktop\OTL.exe
    PRC - [2011/12/08 19:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    PRC - [2010/06/16 16:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    PRC - [2010/05/03 18:00:18 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    PRC - [2009/02/10 15:33:09 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\SYSTEM32\java.exe
    PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/07 08:51:52 | 000,049,152 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrSII1s.exe
    PRC - [2007/03/07 08:51:52 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    PRC - [2004/10/08 10:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\LVCOMSX.EXE
    PRC - [2003/08/13 11:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/22 22:07:57 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2011/12/22 22:07:57 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2011/12/22 17:47:00 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2011/12/22 17:46:59 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2010/10/05 19:26:52 | 002,111,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avzkrnl.dll
    MOD - [2010/06/16 16:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    MOD - [2008/12/12 17:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2008/12/12 17:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
    MOD - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    MOD - [2008/11/13 14:43:49 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
    MOD - [2007/03/07 08:51:52 | 000,049,152 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrSII1s.exe
    MOD - [2007/03/07 08:51:52 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    MOD - [2006/08/29 14:05:15 | 000,051,716 | ---- | M] () -- C:\WINDOWS\SYSTEM32\pdf995mon.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
    SRV - [2010/05/03 18:00:18 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
    SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2007/11/13 20:27:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/03/07 08:51:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
    SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
    SRV - [2000/05/24 15:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ATMsrvc.exe -- (ATMsrvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/21 18:02:17 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
    DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctxusbm.sys -- (ctxusbm)
    DRV - [2010/06/09 15:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kl2.sys -- (kl2)
    DRV - [2010/06/09 15:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
    DRV - [2010/05/07 10:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys -- (klim5)
    DRV - [2010/05/03 17:54:20 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys -- (FlyUsb)
    DRV - [2009/11/02 18:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klmouflt.sys -- (klmouflt)
    DRV - [2008/12/12 17:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
    DRV - [2008/12/12 17:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
    DRV - [2007/03/07 08:51:52 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LxrSII1d.sys -- (LxrSII1d)
    DRV - [2007/01/29 16:29:19 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2007/01/25 16:41:30 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pdihwctl.sys -- (PDIHWCTL)
    DRV - [2006/11/01 23:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WimFltr.sys -- (WimFltr)
    DRV - [2005/01/31 05:26:06 | 000,912,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
    DRV - [2005/01/31 05:19:20 | 000,007,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys -- (pepifilter)
    DRV - [2005/01/31 05:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2003/11/27 08:49:46 | 000,026,045 | ---- | M] (GretagMacbeth) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i1.sys -- (i1)
    DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
    DRV - [2003/05/28 18:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [2001/05/08 19:11:24 | 000,015,872 | ---- | M] (HMSA) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DPPSUSB.sys -- (DPPSUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.1.104.5: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Anne Genova\Application Data\nprhapengine.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/21 18:23:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/21 18:23:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/06/21 18:23:19 | 000,000,000 | ---D | M]

    [2005/08/22 09:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne Genova\Application Data\Mozilla\Firefox\Profiles\9ka3jp09.default\extensions
    [2005/08/22 09:11:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Anne Genova\Application Data\Mozilla\Firefox\Profiles\9ka3jp09.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2005/03/09 14:55:12 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Anne Genova\Application Data\Mozilla\Firefox\Profiles\9ka3jp09.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/02/10 15:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2005/03/01 06:10:00 | 000,832,728 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll
    CHR - plugin: Citrix Access Gateway (Enabled) = C:\Documents and Settings\Anne Genova\Application Data\Mozilla\plugins\npagee.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin8.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2009/04/12 21:55:40 | 000,312,232 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 10750 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (&RetailMeNot BHO) - {4F6AA3AB-A613-4736-A609-12B27F676631} - C:\Documents and Settings\Anne Genova\Application Data\RetailMeNot Add-on\RetailMeNot.dll ()
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (&RetailMeNot Toolbar) - {D207474F-6F4D-4e1e-81DC-9D2AA28A03CB} - C:\Documents and Settings\Anne Genova\Application Data\RetailMeNot Add-on\RetailMeNot.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&RetailMeNot Toolbar) - {D207474F-6F4D-4E1E-81DC-9D2AA28A03CB} - C:\Documents and Settings\Anne Genova\Application Data\RetailMeNot Add-on\RetailMeNot.dll ()
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
    O4 - HKLM..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe (Genie-soft)
    O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM32\LVCOMSX.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKCU..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe (Genie-soft)
    O4 - HKCU..\Run: [LxrAutorun] C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Lexar Media\LxrAutorun.exe ()
    O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnceEx: [Register Homesite+.exe] C:\Program Files\Macromedia\HomeSite+\Homesite+.exe (Macromedia, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/12/07 11:58:34 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: earthlink.net ([webmail.atl] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: google.com ([maps] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://msbcam.bact.wisc.edu/activex/AxisCamControl.cab (CamImage Class)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.ritzpix.com/net/Uploader/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control)
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (SassCln Object)
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.ritzpix.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
    O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} http://www.ritzpix.com/net/Uploader/LPUploader41.cab (Image Uploader Control)
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Quantum Streaming IE Player Class)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6001/mcfscan.cab (McFreeScan Class)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35929760-7364-482A-A435-D5B3BCA4DA6C}: DhcpNameServer = 68.87.68.166 68.87.74.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35929760-7364-482A-A435-D5B3BCA4DA6C}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\SYSTEM32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anne Genova\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{22e84626-98b5-11de-81ab-0007e94aea05}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe
    O33 - MountPoints2\{22e84626-98b5-11de-81ab-0007e94aea05}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe
    O33 - MountPoints2\{db05cf82-f61a-11dd-80e4-0007e94aea05}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/22 22:16:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anne Genova\Desktop\OTL.exe
    [2011/12/22 17:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Genova\Application Data\SUPERAntiSpyware.com
    [2011/12/22 17:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/12/22 17:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/12/22 17:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/12/22 17:45:12 | 013,706,952 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Anne Genova\Desktop\SUPERAntiSpyware.exe
    [2011/12/20 17:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Genova\My Documents\My Scans
    [2011/12/13 16:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Genova\Application Data\JAM Software
    [2011/12/13 16:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TreeSize Free
    [2011/12/13 16:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
    [2011/12/13 16:34:49 | 003,013,088 | ---- | C] (JAM Software ) -- C:\Documents and Settings\Anne Genova\Desktop\TreeSizeFreeSetup.exe
    [2011/12/13 14:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Genova\Application Data\OpenDNS Updater
    [2011/12/13 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
    [2011/12/13 12:59:29 | 002,405,568 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Anne Genova\Desktop\HousecallLauncher64.exe
    [2011/12/13 12:54:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/12/13 12:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/12/13 12:48:52 | 003,903,528 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Anne Genova\Desktop\avg_free_stb_all_2012_1873_cnet.exe
    [2011/12/13 11:25:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Anne Genova\Desktop\dds.com
    [2011/12/13 11:23:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Anne Genova\Desktop\HijackThis.exe
    [2011/12/07 10:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/12/07 10:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Genova\Application Data\IObit
    [2011/12/07 10:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2011/12/06 23:00:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Anne Genova\My Documents\My Pictures
    [2011/12/06 23:00:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Anne Genova\My Documents\My Music
    [2011/12/06 22:44:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Anne Genova\Recent
    [2011/12/06 20:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/12/06 20:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Genova\My Documents\Downloads
    [2011/12/06 08:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Genova\My Documents\see F drive for documents
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/22 22:47:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B15FE86-26A3-484F-8831-376401E5A225}.job
    [2011/12/22 22:39:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1009UA.job
    [2011/12/22 22:16:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anne Genova\Desktop\OTL.exe
    [2011/12/22 22:08:02 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2011/12/22 22:06:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2011/12/22 21:56:00 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1011UA.job
    [2011/12/22 17:46:01 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/12/22 17:45:34 | 013,706,952 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Anne Genova\Desktop\SUPERAntiSpyware.exe
    [2011/12/22 14:39:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1009Core.job
    [2011/12/22 09:55:43 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\GBM - Anne Backup-Full.job
    [2011/12/22 05:56:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1011Core.job
    [2011/12/21 23:00:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\GBM - C F Drive Differential Backup-Full.job
    [2011/12/13 16:49:20 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Desktop\Temp.lnk
    [2011/12/13 16:36:08 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Desktop\TreeSize Free.lnk
    [2011/12/13 16:34:50 | 003,013,088 | ---- | M] (JAM Software ) -- C:\Documents and Settings\Anne Genova\Desktop\TreeSizeFreeSetup.exe
    [2011/12/13 14:25:05 | 000,225,336 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Desktop\OpenDNS-Updater-2.2.1.exe
    [2011/12/13 12:59:38 | 002,405,568 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Anne Genova\Desktop\HousecallLauncher64.exe
    [2011/12/13 12:53:41 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/13 12:49:03 | 003,903,528 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Anne Genova\Desktop\avg_free_stb_all_2012_1873_cnet.exe
    [2011/12/13 11:25:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Anne Genova\Desktop\dds.com
    [2011/12/13 11:23:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Anne Genova\Desktop\HijackThis.exe
    [2011/12/07 06:24:52 | 001,759,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/06 22:48:37 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Anne Genova\My Documents\registry backup2 12.7.11.reg
    [2011/12/06 22:46:34 | 000,055,454 | ---- | M] () -- C:\Documents and Settings\Anne Genova\My Documents\registry backup 12.7.11.reg
    [2011/12/06 20:16:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/12/04 22:56:59 | 000,008,141 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Desktop\calendar_2011-12-05_2011-12-12.pdf
    [2011/11/28 16:45:00 | 000,093,243 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Desktop\dinosaur-train-mrs-pteranodon-figure-desc.jpg
    [2011/11/27 21:18:39 | 000,348,974 | ---- | M] () -- C:\Documents and Settings\Anne Genova\Desktop\claire_collar_bone.pdf
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/22 17:46:01 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/12/20 17:44:44 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\GBM - Anne Backup-Full.job
    [2011/12/13 16:49:20 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Desktop\Temp.lnk
    [2011/12/13 16:36:08 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Desktop\TreeSize Free.lnk
    [2011/12/13 14:31:24 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Start Menu\Programs\OpenDNS Updater.lnk
    [2011/12/13 14:25:05 | 000,225,336 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Desktop\OpenDNS-Updater-2.2.1.exe
    [2011/12/07 11:58:29 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
    [2011/12/06 22:48:35 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Anne Genova\My Documents\registry backup2 12.7.11.reg
    [2011/12/06 22:46:29 | 000,055,454 | ---- | C] () -- C:\Documents and Settings\Anne Genova\My Documents\registry backup 12.7.11.reg
    [2011/12/06 20:16:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/12/04 22:57:05 | 000,008,141 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Desktop\calendar_2011-12-05_2011-12-12.pdf
    [2011/11/28 16:45:05 | 000,093,243 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Desktop\dinosaur-train-mrs-pteranodon-figure-desc.jpg
    [2011/11/27 21:18:40 | 000,348,974 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Desktop\claire_collar_bone.pdf
    [2011/09/12 14:58:29 | 000,067,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/06/21 18:05:44 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2011/06/21 18:05:44 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
    [2010/02/07 22:53:37 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
    [2010/02/07 22:39:12 | 000,077,378 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
    [2010/02/06 10:35:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2010/02/06 10:32:56 | 000,098,136 | ---- | C] () -- C:\WINDOWS\gzip.exe
    [2010/01/07 14:42:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2010/01/07 13:54:41 | 000,147,102 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
    [2010/01/07 13:54:40 | 000,000,945 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
    [2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
    [2009/06/16 14:26:56 | 009,737,760 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/06/16 14:26:56 | 001,269,792 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2009/06/09 15:39:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/05/12 15:28:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2008/05/06 14:36:02 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
    [2008/05/06 14:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
    [2008/04/09 09:43:37 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2007/02/22 16:39:39 | 000,038,475 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Application Data\Comma Separated Values (Windows).ADR
    [2006/12/30 23:07:00 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeh.DAT
    [2006/12/30 17:25:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pop Kit
    [2006/12/30 17:25:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Anne Genova\Application Data\Plug-Ins
    [2006/12/30 17:25:43 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
    [2006/08/19 13:01:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2006/04/02 13:26:53 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
    [2005/12/09 18:29:47 | 000,038,462 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Application Data\Microsoft Excel.ADR
    [2005/09/04 22:05:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2005/08/21 15:14:14 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
    [2005/08/21 15:14:06 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2005/08/10 14:40:03 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2005/08/10 14:38:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2005/08/10 14:37:51 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
    [2005/08/10 14:37:51 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2005/06/28 20:17:25 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
    [2005/06/28 20:17:07 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
    [2005/06/28 20:17:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
    [2005/06/07 18:48:21 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\netfltConfig.dat
    [2005/06/07 10:05:51 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
    [2005/05/26 17:12:35 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
    [2005/05/26 17:12:20 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
    [2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
    [2005/03/03 15:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2005/02/24 19:37:35 | 000,000,048 | ---- | C] () -- C:\WINDOWS\EPSONR800.ini
    [2004/10/27 12:11:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Webspace.INI
    [2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/04/26 12:50:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
    [2004/04/02 10:12:59 | 000,010,121 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2004/02/13 09:22:33 | 001,759,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/02/03 19:11:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
    [2004/01/31 13:18:46 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/01/30 20:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
    [2004/01/30 19:22:03 | 000,005,014 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
    [2004/01/30 19:22:03 | 000,000,267 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
    [2004/01/30 19:22:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
    [2004/01/30 19:22:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
    [2004/01/30 14:21:32 | 000,000,659 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
    [2004/01/28 21:52:17 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Anne Genova\Local Settings\Application Data\fusioncache.dat
    [2004/01/28 14:08:46 | 000,067,584 | ---- | C] () -- C:\WINDOWS\unlite2.exe
    [2004/01/28 14:08:30 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
    [2004/01/28 14:08:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2004/01/28 14:08:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
    [2004/01/28 14:08:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2004/01/28 13:48:38 | 000,000,244 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2004/01/28 13:46:48 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2004/01/27 22:02:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/01/23 15:35:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/01/23 15:27:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/01/23 15:23:48 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2004/01/23 15:17:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2004/01/23 15:16:33 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/01/23 15:12:41 | 000,000,884 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/01/23 14:59:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2004/01/23 14:57:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/01/23 14:57:26 | 000,463,200 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2004/01/23 14:57:26 | 000,080,226 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2004/01/23 14:57:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/01/23 14:44:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/07/24 10:05:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\NS_ProWrite_RTF.dll
    [2003/02/05 12:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\DLBAPLC.INI
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
    [2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
    [2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
    [2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
    [2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
    [2002/08/29 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
    [2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/09/04 05:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1999/03/09 16:11:02 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\dagiecfg.exe
    [1997/08/28 10:53:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\mapirtf.dll
    [1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2011/01/10 18:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2011/12/13 12:54:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2007/01/29 16:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
    [2006/12/30 17:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Echo
    [2006/12/30 23:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/06/10 08:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
    [2008/01/15 13:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2007/01/29 16:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2011/12/07 10:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/05/27 08:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
    [2009/06/09 15:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
    [2011/12/13 12:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/06/20 13:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2011/02/25 15:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
    [2006/12/30 23:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2004/09/02 14:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/06/09 15:04:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
    [2011/06/16 13:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/04/07 22:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/05/06 22:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\Aim
    [2009/02/11 13:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2004/02/02 20:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\CoreFtp
    [2004/10/26 18:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\Earthlink
    [2011/07/03 15:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\Genie-Soft
    [2007/11/14 10:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\GretagMacbeth
    [2007/01/29 16:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\HotSync
    [2006/08/19 13:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\ICAClient
    [2011/12/07 10:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\IObit
    [2011/12/13 16:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\JAM Software
    [2004/01/30 09:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\Leadertech
    [2006/12/30 23:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\Nikon
    [2011/12/13 14:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\OpenDNS Updater
    [2005/05/23 13:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\OurPictures
    [2005/08/10 14:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\pdf995
    [2009/11/26 11:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\RetailMeNot Add-on
    [2008/02/11 15:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\School Zone Preferences
    [2006/05/02 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\Snapfish
    [2009/08/29 13:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\TuxPaint
    [2005/08/20 15:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\WeatherBug
    [2011/12/22 09:55:43 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\GBM - Anne Backup-Full.job
    [2011/12/21 23:00:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\GBM - C F Drive Differential Backup-Full.job
    [2011/12/22 22:47:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B15FE86-26A3-484F-8831-376401E5A225}.job

    ========== Purity Check ==========



    < End of report >

    And here is the Extras.txt file:

    OTL Extras logfile created on: 12/22/2011 10:28:41 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Anne Genova\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.41% Memory free
    3.35 Gb Paging File | 2.74 Gb Available in Paging File | 81.90% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.46 Gb Total Space | 50.03 Gb Free Space | 67.19% Space Free | Partition Type: NTFS
    Drive F: | 74.50 Gb Total Space | 15.95 Gb Free Space | 21.41% Space Free | Partition Type: NTFS
    Drive G: | 596.17 Gb Total Space | 451.17 Gb Free Space | 75.68% Space Free | Partition Type: NTFS

    Computer Name: ANNEG | User Name: Anne Genova | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .js [@ = JSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    jsfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
    "C:\Program Files\Citrix\Secure Access Client\nsepa.exe" = C:\Program Files\Citrix\Secure Access Client\nsepa.exe:*:Enabled:Citrix Access Gateway Endpoint Analysis -- (Citrix Systems, Inc)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
    "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
    "C:\Program Files\Kapersky\setup.exe" = C:\Program Files\Kapersky\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup -- (Kaspersky Lab)
    "C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\Citrix\Secure Access Client\nsepa.exe" = C:\Program Files\Citrix\Secure Access Client\nsepa.exe:*:Enabled:Citrix Access Gateway Endpoint Analysis -- (Citrix Systems, Inc)
    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
    "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:pure Networks Platform Service -- (Cisco Systems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
    "{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
    "{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4B222C8E-8DEB-4DBC-B57A-78BEB72ABD3A}" = LeapFrog Connect
    "{4B62F7A3-2933-4C52-A3CE-345C8F53A08F}" = ICC Color Profiles
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53B78C5E-F179-4BB9-96DA-861F56ACE100}_is1" = RetailMeNot Add-on 1.0
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{735D7AC9-BC7B-4491-9D06-7F4642849E7C}" = P.I.M. II Plug-In
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{78AC18A2-12A9-4102-B0B7-C7558182D212}" = C6300
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{818CBFBE-F23E-45E3-B67B-55FBCF945F37}" = MFC80
    "{820A2AC0-7057-457D-AAAD-EEB1993D58B5}" = Citrix Access Gateway Endpoint Analysis
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
    "{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.01
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
    "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
    "{B2C7EA7C-4714-4682-ACDB-EEADA9830F86}" = Glossy Paper ICC Profiles
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B67217AF-5F33-4114-8DDD-5891092CFD7E}" = P.I.M. II Plug-In
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}" = HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F330293A-DB6A-4495-BE34-8DC9453CBFE1}" = LeapFrog Tag Plugin
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
    "{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "Adobe Type Manager 4.1" = Adobe Type Manager 4.1
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "CCleaner" = CCleaner
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "Core FTP Lite 1.3" = Core FTP Lite 1.3
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DellSupport" = Dell Support 5.0.0 (766)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Eye-One Match_is1" = Eye-One Match 3.6.2
    "Film Factory" = Film Factory
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "Intuit SiteBuilder" = Intuit SiteBuilder
    "Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MouseSuite98" = Mouse Suite
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "OpenDNS Updater" = OpenDNS Updater 2.2.1
    "Pdf995" = Pdf995
    "Picasa 3" = Picasa 3
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Q903235" = Internet Explorer Q903235
    "QcDrv" = Logitech® Camera Driver
    "RealPlayer 6.0" = RealPlayer
    "Shanghai for Palm OS" = Shanghai for Palm OS
    "Silent Package Run-Time Sample" = EPSON SPR800 Reference Guide
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    "TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
    "TreeSize Free_is1" = TreeSize Free V2.6
    "TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
    "Tux Paint_is1" = Tux Paint 0.9.21
    "UPCShell" = LeapFrog Connect
    "WebIQ" = WebIQ Client Software
    "WIC" = Windows Imaging Component
    "WinCal Application" = WinCal 4.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "winscp3_is1" = WinSCP 3.1
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/17/2011 2:43:30 AM | Computer Name = ANNEG | Source = Genie Backup Manager Professional Edition 8.0 | ID = 1
    Description = Data backup failed for Job "C_F_drives" Backup Size: 0 Bytes

    Error - 10/17/2011 11:15:50 PM | Computer Name = ANNEG | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040154.

    Error - 10/17/2011 11:15:50 PM | Computer Name = ANNEG | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80004002 from line 464 of d:\comxp_sp2\com\com1x\src\events\tier2\notify.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 10/20/2011 8:27:09 PM | Computer Name = ANNEG | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/26/2011 8:27:21 PM | Computer Name = ANNEG | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 10/26/2011 8:27:25 PM | Computer Name = ANNEG | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 10/26/2011 8:48:16 PM | Computer Name = ANNEG | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/27/2011 1:08:04 AM | Computer Name = ANNEG | Source = VSS | ID = 12302
    Description = Volume Shadow Copy Service error: An internal inconsistency was detected
    in trying to contact shadow copy service writers. Please check to see that the
    Event Service and Volume Shadow Copy Service are operating properly.

    Error - 10/27/2011 1:08:39 AM | Computer Name = ANNEG | Source = Genie Backup Manager Professional Edition 8.0 | ID = 1
    Description = Data backup failed for Job "C_F_drives" Backup Size: 0 Bytes

    Error - 11/2/2011 10:12:20 PM | Computer Name = ANNEG | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 12/13/2011 12:11:45 PM | Computer Name = ANNEG | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/13/2011 12:13:32 PM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7000
    Description = The DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver service
    failed to start due to the following error: %%1058

    Error - 12/18/2011 10:16:22 PM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7000
    Description = The DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver service
    failed to start due to the following error: %%1058

    Error - 12/20/2011 6:19:27 PM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7000
    Description = The DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver service
    failed to start due to the following error: %%1058

    Error - 12/20/2011 6:19:27 PM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus
    Service service to connect.

    Error - 12/20/2011 6:19:27 PM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7000
    Description = The Kaspersky Anti-Virus Service service failed to start due to the
    following error: %%1053

    Error - 12/22/2011 11:02:14 AM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7000
    Description = The DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver service
    failed to start due to the following error: %%1058

    Error - 12/22/2011 6:22:12 PM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7034
    Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 12/22/2011 6:24:09 PM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7000
    Description = The DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver service
    failed to start due to the following error: %%1058

    Error - 12/22/2011 11:07:21 PM | Computer Name = ANNEG | Source = Service Control Manager | ID = 7000
    Description = The DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver service
    failed to start due to the following error: %%1058


    < End of report >

    Thanks in advance for your help!
    anne
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,226
    Okay, firstly your Java is out of date, so lets look at that firstly:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Now, go here and download the latest Java Version.


    --------------

    After doing the above, can you do this:

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
      FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Anne Genova\Application Data\nprhapengine.dll File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/dow...in/actxcab.cab (CBSTIEPrint Class)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
      [2011/12/07 10:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
      [2011/12/07 10:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne Genova\Application Data\IObit
      [2011/12/07 10:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
      [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2008/04/09 09:43:37 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
      [2011/12/07 10:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
      [2004/09/02 14:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2011/12/07 10:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anne Genova\Application Data\IObit
      :Files
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


    -------------------
    And then can you do this:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      *IObit
      *Viewpoint
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found at on your Desktop entitled SystemLook.txt

    ------------------------

    eddie
     
  6. durgon

    durgon Thread Starter

    Joined:
    Feb 8, 2009
    Messages:
    23
    Eddie-

    Thanks for your help so far! I got rid of all the previous versions of Java and installed the latest version. I began the process of running OTL with the fixes but got the error "Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts"

    Then the machine locked up. Apparently, someone restarted the computer after it froze up. What would you recommend as the next step? Should I try to rerun OTL?

    Let me know!
    Thanks!
    Anne
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,226
    Strange, normally only get that with Vista. Still, it is a strange world out there :p

    Yep, just re-run OTL as you did to create the two logs, but this time only the one will be created. That's fine, as most of the fix is for the first log :)

    Also, can you run the SystemLook as well, just to see if any files/folders are left ;)

    eddie
     
  8. durgon

    durgon Thread Starter

    Joined:
    Feb 8, 2009
    Messages:
    23
    Hi Eddie-

    I think it was my Kapersky Internet Security which prevented the OTL from writing it's file. I turned it off the second time and it ran fine. Below is the log file:


    All processes killed
    ========== OTL ==========
    Error: No service named RoxLiveShare9 was found to stop!
    Service\Driver key RoxLiveShare9 not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
    Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Starting removal of ActiveX control {193C772A-87BE-4B19-A7BB-445B226FE9A1}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{193C772A-87BE-4B19-A7BB-445B226FE9A1}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {A7EA8AD2-287F-11D3-B120-006008C39542}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Folder C:\Documents and Settings\All Users\Application Data\IObit\ not found.
    Folder C:\Documents and Settings\Anne Genova\Application Data\IObit\ not found.
    Folder C:\Program Files\IObit\ not found.
    File/Folder C:\WINDOWS\System32\*.tmp not found.
    File/Folder C:\WINDOWS\*.tmp not found.
    File C:\WINDOWS\System32\pool.bin not found.
    Folder C:\Documents and Settings\All Users\Application Data\IObit\ not found.
    Folder C:\Documents and Settings\All Users\Application Data\Viewpoint\ not found.
    Folder C:\Documents and Settings\Anne Genova\Application Data\IObit\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Anne Genova\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Anne Genova\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator

    User: Administrator.ANNEG
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Anne Genova
    ->Temp folder emptied: 68632907 bytes
    ->Temporary Internet Files folder emptied: 9212634 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 25186197 bytes
    ->Flash cache emptied: 41684 bytes

    User: Claire and Austin
    ->Temp folder emptied: 54454487 bytes
    ->Temporary Internet Files folder emptied: 157560779 bytes
    ->Google Chrome cache emptied: 72849274 bytes
    ->Flash cache emptied: 63392 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 4196537 bytes
    ->Flash cache emptied: 348 bytes

    User: NetworkService
    ->Temp folder emptied: 195300 bytes
    ->Temporary Internet Files folder emptied: 1217730 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 908545 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64619474 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 577924 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 439.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.ANNEG

    User: All Users

    User: Anne Genova
    ->Java cache emptied: 0 bytes

    User: Claire and Austin

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.ANNEG

    User: All Users

    User: Anne Genova
    ->Flash cache emptied: 0 bytes

    User: Claire and Austin
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.31.0 log created on 12282011_153419

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6O5242R\dref=http%253[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageFolderContentNimlet%2526requestAction%253DdisplayFolderContent%2526isUserSpaceValid%253DY not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6O5242R\dref=http%253[2].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageFolderContentNimlet%2526requestAction%253DdisplayFolderContent%2526isUserSpaceValid%253DY not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6O5242R\dref=http%253[3].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageFolderContentNimlet%2526requestAction%253DdisplayFolderContent%2526isUserSpaceValid%253DY not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6O5242R\dref=http%253[4].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageFolderContentNimlet%2526requestAction%253DdisplayFolderContent%2526isUserSpaceValid%253DY not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6O5242R\dref=[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageEmailDetailNimlet%2526requestAction%253DshowEmail%2526folderName%253DINBOX%2526messageID%253D1799 not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6O5242R\dref=[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageEmailDetailNimlet%2526requestAction%253DshowEmail%2526folderName%253DINBOX%2526messageID%253D1805 not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6O5242R\Main;MN=93225964;u=D7AD795DC133A562;wm=o;rm=1;inc=4;r131=1;chl=1;mar=1;hme=2;r5=1;r6=1;r13=1;r24=1;r28=1;r31=1;r185=1;chn=1;dwe=1;occ=2;wwm=1;ug=1;ccb=1;ccg=1;cct=1;ccp=[1] not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z6O5242R\Type%3dclick%26FlightID%3d26149%26AdID%3d32691%26TargetID%3d1095%26Segments%3d730,2592,2743,3030,3285,4527,4960,5516%26Redirect%3d;ord=cewnnId,bcuKedRcbixeo[1].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\YLYZY6AU\dref=http%253[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageFolderContentNimlet%2526requestAction%253DdisplayFolderContent%2526isUserSpaceValid%253DY not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\YLYZY6AU\dref=[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageEmailDetailNimlet%2526requestAction%253DshowEmail%2526folderName%253DINBOX%2526messageID%253D1805 not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\YLYZY6AU\dref=[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageEmailDetailNimlet%2526requestAction%253DshowEmail%2526folderName%253DINBOX%2526messageID%253D1807 not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\YLYZY6AU\Top;MN=93237071;u=D7AD795DC133A562;wm=o;rm=1;inc=4;r131=1;chl=1;mar=1;hme=2;r5=1;r6=1;r13=1;r24=1;r28=1;r31=1;r185=1;chn=1;dwe=1;occ=2;wwm=1;ug=1;ccb=1;ccg=1;cct=1;ccp=1[1] not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\YLYZY6AU\Type%3dclick%26FlightID%3d12249%26AdID%3d14398%26TargetID%3d1095%26Segments%3d730,2592,2743,3285%26Targets%3d1095,2742,1515%26Values%3d31,43,51,60,72,86,91,101,110,150,1[1].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\YLYZY6AU\Type%3dclick%26FlightID%3d12249%26AdID%3d14398%26TargetID%3d1095%26Segments%3d730,2592,2743,3285%26Targets%3d1095,2742,1515%26Values%3d31,43,51,60,72,86,91,101,110,150,6[1].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTNDLBU8\dref=[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageEmailDetailNimlet%2526requestAction%253DshowEmail%2526folderName%253DINBOX%2526messageID%253D1806 not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTNDLBU8\dref=[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageEmailDetailNimlet%2526requestAction%253DshowEmail%2526folderName%253DINBOX%2526messageID%253D1808 not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTNDLBU8\Main;MN=93192002;u=D7AD795DC133A562;wm=o;rm=1;inc=4;r131=1;chl=1;mar=1;hme=2;r5=1;r6=1;r13=1;r24=1;r28=1;r31=1;r185=1;chn=1;dwe=1;occ=2;wwm=1;ug=1;ccb=1;ccg=1;cct=1;ccp=[1] not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTNDLBU8\Main;MN=93227026;u=D7AD795DC133A562;wm=o;rm=1;inc=4;r131=1;chl=1;mar=1;hme=2;r5=1;r6=1;r13=1;r24=1;r28=1;r31=1;r185=1;chn=1;dwe=1;occ=2;wwm=1;ug=1;ccb=1;ccg=1;cct=1;ccp=[1] not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTNDLBU8\Type%3dclick%26FlightID%3d12249%26AdID%3d14398%26TargetID%3d1095%26Segments%3d730,2592,2743,3285%26Targets%3d1095,2742,1515%26Values%3d31,43,51,60,72,86,91,101,110,150,1[1].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTNDLBU8\Type%3dclick%26FlightID%3d12249%26AdID%3d14398%26TargetID%3d1095%26Segments%3d730,2592,2743,3285%26Targets%3d1095,2742,1515%26Values%3d31,43,51,60,72,86,91,101,110,150,6[1].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTNDLBU8\Type%3dclick%26FlightID%3d12249%26AdID%3d14398%26TargetID%3d1095%26Segments%3d730,2592,2743,3285%26Targets%3d1095,2742,1515%26Values%3d31,43,51,60,72,86,91,101,110,150,6[2].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\OTNDLBU8\Type%3dclick%26FlightID%3d26145%26AdID%3d32588%26TargetID%3d1095%26Segments%3d730,2592,2743,3030,3285,4960,5516%26Redirect%3d;ord=onpImk,bcsquncefmtdv[1].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\16W47KQZ\dref=http%253A%252F%252Fnetmail[1].net%252Fwebmail%252Fservlet%252FHttpNimletDriver%253Fnimlet%253DManageFolderContentNimlet%2526requestAction%253DdisplayFolderContent not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\16W47KQZ\Main;MN=93204663;u=D7AD795DC133A562;wm=o;rm=1;inc=4;r131=1;chl=1;mar=1;hme=2;r5=1;r6=1;r13=1;r24=1;r28=1;r31=1;r185=1;chn=1;dwe=1;occ=2;wwm=1;ug=1;ccb=1;ccg=1;cct=1;ccp=[1] not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\16W47KQZ\Main;MN=93225964;u=D7AD795DC133A562;wm=o;rm=1;inc=4;r131=1;chl=1;mar=1;hme=2;r5=1;r6=1;r13=1;r24=1;r28=1;r31=1;r185=1;chn=1;dwe=1;occ=2;wwm=1;ug=1;ccb=1;ccg=1;cct=1;ccp=[1] not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\16W47KQZ\Type%3dclick%26FlightID%3d12249%26AdID%3d14398%26TargetID%3d1095%26Segments%3d730,2592,2743,3285%26Targets%3d1095,2742,1515%26Values%3d31,43,51,60,72,86,91,101,110,150,6[1].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Internet Files\Content.IE5\16W47KQZ\Type%3dclick%26FlightID%3d12249%26AdID%3d14398%26TargetID%3d1095%26Segments%3d730,2592,2743,3285%26Targets%3d1095,2742,1515%26Values%3d31,43,51,60,72,86,91,101,110,150,6[2].htm not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Directory 1 for Favorites.8.07.zip\Favorites\Work\Web Building\Flash Converters\Great Flash Decompiler-Sothink SWF Decompiler-Decompile SWF, SWF Decoder, Decompile Flash, SWF to FLA, SWF Extractor.url not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Directory 1 for Favorites.8.07.zip\Favorites\Vacation\Vacation Ideas and Rentals\Escape to Blue Ridge - Cabin Vacations of North Georgia - Blue Ridge Georgia Cabin Rental, Blue Ridge GA Cabin Rental.url not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Directory 1 for Favorites.8.07.zip\Favorites\Personal\Vacation\Travel Booking\Holiday Rentals & Vacation Rentals, villa & apartment rentals, self catering cottage holidays, rent in Spain, France, Italy, Po.url not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Directory 1 for Favorites.8.07.zip\Favorites\Personal\Vacation\Travel Booking\Slow Travel - Vacation rentals, villas, reviews, travel information for Europe (Italy, Switzerland, England, France, Spain), US.url not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Directory 1 for Favorites.8.07.zip\Favorites\Personal\Vacation\Travel Booking\Smoky Mountains Vacation Rentals - VRBO is Vacation Rentals by Owner Smoky Mountains - Smoky Mountains Hotels, Smoky Mountains.url not found!
    File\Folder C:\Documents and Settings\Anne Genova\Local Settings\Temp\Temporary Directory 1 for Favorites.8.07.zip\Favorites\Personal\Vacation\Feb Vacation\French Caribbean International - Villas - Villa Rental - Vacation Rentals - Hotels - St. Barts Villas - St. Barthelemy Villa Re.url not found!

    Registry entries deleted on Reboot...

    Here is the log file for the SystemLook:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:17 on 28/12/2011 by Anne Genova
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "*IObit"
    C:\Documents and Settings\Administrator.ANNEG\Application Data\IObit d------ [16:05 13/12/2011]
    C:\Documents and Settings\Claire and Austin\Application Data\IObit d------ [11:27 08/12/2011]
    C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\IObit d------ [17:25 07/12/2011]
    C:\_OTL\MovedFiles\12262011_171205\C_Documents and Settings\All Users\Application Data\IObit d------ [22:12 26/12/2011]
    C:\_OTL\MovedFiles\12262011_171205\C_Documents and Settings\Anne Genova\Application Data\IObit d------ [22:12 26/12/2011]
    C:\_OTL\MovedFiles\12262011_171205\C_Program Files\IObit d------ [22:12 26/12/2011]

    Searching for "*Viewpoint"
    C:\_OTL\MovedFiles\12262011_171205\C_Documents and Settings\All Users\Application Data\Viewpoint d------ [22:12 26/12/2011]

    -= EOF =-

    Thanks in advance!
    Anne
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,226
    Looks like they were removed with OTL before the freeze :)

    Can you run this for me:

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to durgon123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  10. durgon

    durgon Thread Starter

    Joined:
    Feb 8, 2009
    Messages:
    23
    Hi Eddie-

    Here is the log from ComboFix:


    ComboFix 11-12-29.04 - Anne Genova 12/29/2011 11:53:57.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1457 [GMT -5:00]
    Running from: c:\documents and settings\Anne Genova\Desktop\durgon123.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Anne Genova\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    c:\documents and settings\Anne Genova\WINDOWS
    c:\windows\system32\PowerToyReadme.htm
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-26 22:12 . 2011-12-26 22:12 -------- d-----w- C:\_OTL
    2011-12-26 22:09 . 2011-12-26 22:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-25 23:37 . 2011-12-25 23:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-12-22 22:46 . 2011-12-22 22:46 -------- d-----w- c:\documents and settings\Anne Genova\Application Data\SUPERAntiSpyware.com
    2011-12-22 22:45 . 2011-12-22 22:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-12-22 22:45 . 2011-12-22 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-12-13 21:36 . 2011-12-13 21:36 -------- d-----w- c:\documents and settings\Anne Genova\Application Data\JAM Software
    2011-12-13 21:36 . 2011-12-13 21:36 -------- d-----w- c:\program files\JAM Software
    2011-12-13 19:31 . 2011-12-13 19:31 -------- d-----w- c:\documents and settings\Anne Genova\Application Data\OpenDNS Updater
    2011-12-13 19:31 . 2011-12-13 19:31 -------- d-----w- c:\program files\OpenDNS Updater
    2011-12-13 17:54 . 2011-12-13 17:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-12-13 17:54 . 2011-12-13 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-12-13 16:05 . 2011-12-13 16:05 -------- d-----w- c:\documents and settings\Administrator.ANNEG\Application Data\IObit
    2011-12-13 13:38 . 2011-12-13 13:38 -------- d-----w- c:\documents and settings\Administrator.ANNEG\Application Data\Malwarebytes
    2011-12-13 13:37 . 2011-12-13 13:37 -------- d-sh--w- c:\documents and settings\Administrator.ANNEG\IETldCache
    2011-12-07 17:25 . 2011-12-07 17:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
    2011-12-07 16:58 . 2011-10-20 03:16 20312 ------w- c:\windows\system32\RegistryDefragBootTime.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-26 22:08 . 2009-02-10 20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-26 04:50 . 2011-06-24 18:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-10 20:24 . 2009-02-11 00:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GBMPro8Agent"="c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-09-11 189056]
    "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
    "GBMPro8Agent"="c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-09-11 189056]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2007-11-14 708608]
    ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2007-11-14 954368]
    Video Converter.lnk - c:\documents and settings\Anne Genova\Local Settings\Temp\Video Converter63274.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
    backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
    backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
    backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2010-10-12 22:24 304568 ------w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 05:56 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2004-07-19 12:51 306688 ------w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-05-02 21:12 133104 -----tw- c:\documents and settings\Anne Genova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 17:08 49208 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 21:51 421160 ------w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2011-11-12 17:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ------w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-05-05 20:42 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
    "c:\\Program Files\\Kapersky\\setup.exe"=
    "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\Citrix\\Secure Access Client\\nsepa.exe"=
    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    .
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\SYSTEM32\DRIVERS\ctxusbm.sys [7/14/2010 12:51 PM 65584]
    R1 kl2;kl2;c:\windows\SYSTEM32\DRIVERS\kl2.sys [6/9/2010 3:43 PM 11352]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
    R2 LxrSII1d;Secure II Driver;c:\windows\SYSTEM32\DRIVERS\LxrSII1d.sys [5/6/2008 2:36 PM 72672]
    R2 PDIHWCTL;PDIHWCTL;c:\windows\SYSTEM32\DRIVERS\pdihwctl.sys [11/14/2007 10:07 AM 14416]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [5/7/2010 10:06 AM 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\SYSTEM32\DRIVERS\klmouflt.sys [11/2/2009 6:27 PM 19472]
    S2 DPPSUSB;DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver;c:\windows\SYSTEM32\DRIVERS\DPPSUSB.sys [1/31/2004 1:24 PM 15872]
    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\System32\DRIVERS\COMFiltr.sys --> c:\windows\System32\DRIVERS\COMFiltr.sys [?]
    S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [5/27/2010 8:58 AM 18560]
    S3 i1;i1 Pro;c:\windows\SYSTEM32\DRIVERS\i1.sys [11/14/2007 10:07 AM 26045]
    S3 wimmount;wimmount;c:\windows\SYSTEM32\DRIVERS\wimmount.sys [6/15/2010 4:52 AM 19024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-28 c:\windows\Tasks\GBM - Anne Backup-Full.job
    - c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2010-06-10 06:55]
    .
    2011-12-28 c:\windows\Tasks\GBM - C F Drive Differential Backup-Full.job
    - c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2010-06-10 06:55]
    .
    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1009Core.job
    - c:\documents and settings\Anne Genova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 21:12]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1009UA.job
    - c:\documents and settings\Anne Genova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 21:12]
    .
    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1011Core.job
    - c:\documents and settings\Claire and Austin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-20 00:00]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1011UA.job
    - c:\documents and settings\Claire and Austin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-20 00:00]
    .
    2011-12-29 c:\windows\Tasks\User_Feed_Synchronization-{3B15FE86-26A3-484F-8831-376401E5A225}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: earthlink.net\webmail.atl
    Trusted Zone: google.com\maps
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{35929760-7364-482A-A435-D5B3BCA4DA6C}: NameServer = 208.67.222.222,208.67.220.220
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-LxrAutorun - c:\documents and settings\Anne Genova\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
    MSConfigStartUp-Dell AIO Printer A940 - c:\program files\Dell AIO Printer A940\dlbabmgr.exe
    MSConfigStartUp-GhostStartTrayApp - c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    MSConfigStartUp-mmtask - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    MSConfigStartUp-MMTray - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    MSConfigStartUp-Weather - c:\progra~1\AWS\WEATHE~1\Weather.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-29 12:21
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F16633BB-6FFB-FEEF-6851EE4CF61ADAA7}\{8DE0EF13-9AB8-84BF-28848AB6F741F092}\{2912CDF2-3190-D0FE-95FF87CEE55A8F74}*]
    "Q3FBLH6RIF6MYMN6VD31LVQSMD1"=hex:01,00,00,00,00,00,00,00,5c,63,e8,cf,f7,e6,fd,
    3a
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1060)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1252)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\windows\system32\LxrSII1s.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\java.exe
    c:\windows\System32\nvsvc32.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\BCMSMMSG.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-29 12:30:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-29 17:30
    .
    Pre-Run: 53,539,074,048 bytes free
    Post-Run: 53,728,358,400 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 7216B6AA9305B2B6D89CA499AB606A68

    Thanks!
    Anne
     
  11. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,226
    Okay, before we run the following fix, I have seen that you have a task scheduled to run, which may be the cause of the drive filling up.

    Do you use Genie-Soft?

    If so, you have these tasks:

    c:\windows\Tasks\GBM - Anne Backup-Full.job
    c:\windows\Tasks\GBM - C F Drive Differential Backup-Full.job


    Now, these appear to do full backups, not sure how often, and to where on the computer. You may want to check out these, and set them for a specific time, or even do it manually.


    -------

    Onto the fix :)




    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    ---------



    Also, can you re-run SystemLook with the following code:

    Code:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} /sub
    :dir
    C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
    C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    


    eddie
     
  12. durgon

    durgon Thread Starter

    Joined:
    Feb 8, 2009
    Messages:
    23
    Hi Eddie-

    I am using GenieSoft Backup Manager but only one of those jobs is active. It's supposed to do a full backup and then 3 incremental backups before starting over again. They are being saved to an external hard drive so they shouldn't be hogging any space. GenieSoft has been crashing on me lately so I just uninstalled it. Let me know when you think it's OK to reinstall it.

    Here is the log file from ComboFix:

    ComboFix 11-12-29.04 - Anne Genova 12/29/2011 16:05:01.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1448 [GMT -5:00]
    Running from: c:\documents and settings\Anne Genova\Desktop\ComboFix\durgon123.exe
    Command switches used :: c:\documents and settings\Anne Genova\Desktop\ComboFix\CFScript.txt
    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    FILE ::
    "c:\documents and settings\Anne Genova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini"
    "c:\documents and settings\Anne Genova\Local Settings\Temp\Video Converter63274.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator.ANNEG\Application Data\IObit
    c:\documents and settings\Administrator.ANNEG\Application Data\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2011-12-13(11-11-09).reg
    c:\documents and settings\Administrator.ANNEG\Application Data\IObit\Advanced SystemCare V5\Ignore.ini
    c:\documents and settings\Administrator.ANNEG\Application Data\IObit\Advanced SystemCare V5\Log\ASCLog-2011-12-13(11-11-09).txt
    c:\documents and settings\Administrator.ANNEG\Application Data\IObit\Advanced SystemCare V5\Main.ini
    c:\documents and settings\Administrator.ANNEG\Application Data\IObit\Advanced SystemCare V5\PFilterkey.dbd
    c:\documents and settings\Claire and Austin\Application Data\IObit
    c:\windows\system32\config\systemprofile\Application Data\IObit
    c:\windows\system32\config\systemprofile\Application Data\IObit\Advanced SystemCare V5\Ignore.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-29 16:47 . 2011-12-29 17:31 -------- d-----w- C:\durgon123
    2011-12-26 22:12 . 2011-12-26 22:12 -------- d-----w- C:\_OTL
    2011-12-26 22:09 . 2011-12-26 22:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-25 23:37 . 2011-12-25 23:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-12-22 22:46 . 2011-12-22 22:46 -------- d-----w- c:\documents and settings\Anne Genova\Application Data\SUPERAntiSpyware.com
    2011-12-22 22:45 . 2011-12-22 22:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-12-22 22:45 . 2011-12-22 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-12-13 21:36 . 2011-12-13 21:36 -------- d-----w- c:\documents and settings\Anne Genova\Application Data\JAM Software
    2011-12-13 21:36 . 2011-12-13 21:36 -------- d-----w- c:\program files\JAM Software
    2011-12-13 19:31 . 2011-12-13 19:31 -------- d-----w- c:\documents and settings\Anne Genova\Application Data\OpenDNS Updater
    2011-12-13 19:31 . 2011-12-13 19:31 -------- d-----w- c:\program files\OpenDNS Updater
    2011-12-13 17:54 . 2011-12-13 17:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-12-13 17:54 . 2011-12-13 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-12-13 13:38 . 2011-12-13 13:38 -------- d-----w- c:\documents and settings\Administrator.ANNEG\Application Data\Malwarebytes
    2011-12-13 13:37 . 2011-12-13 13:37 -------- d-sh--w- c:\documents and settings\Administrator.ANNEG\IETldCache
    2011-12-07 16:58 . 2011-10-20 03:16 20312 ------w- c:\windows\system32\RegistryDefragBootTime.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-26 22:08 . 2009-02-10 20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-26 04:50 . 2011-06-24 18:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-10 20:24 . 2009-02-11 00:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2007-11-14 708608]
    ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2007-11-14 954368]
    Video Converter.lnk - c:\documents and settings\Anne Genova\Local Settings\Temp\Video Converter63274.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
    backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
    backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
    backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2010-10-12 22:24 304568 ------w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 05:56 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2004-07-19 12:51 306688 ------w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-05-02 21:12 133104 -----tw- c:\documents and settings\Anne Genova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 17:08 49208 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 21:51 421160 ------w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2011-11-12 17:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ------w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-05-05 20:42 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
    "c:\\Program Files\\Kapersky\\setup.exe"=
    "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\Citrix\\Secure Access Client\\nsepa.exe"=
    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    .
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\SYSTEM32\DRIVERS\ctxusbm.sys [7/14/2010 12:51 PM 65584]
    R1 kl2;kl2;c:\windows\SYSTEM32\DRIVERS\kl2.sys [6/9/2010 3:43 PM 11352]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R2 LxrSII1d;Secure II Driver;c:\windows\SYSTEM32\DRIVERS\LxrSII1d.sys [5/6/2008 2:36 PM 72672]
    R2 PDIHWCTL;PDIHWCTL;c:\windows\SYSTEM32\DRIVERS\pdihwctl.sys [11/14/2007 10:07 AM 14416]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [5/7/2010 10:06 AM 32856]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\SYSTEM32\DRIVERS\klmouflt.sys [11/2/2009 6:27 PM 19472]
    S2 DPPSUSB;DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver;c:\windows\SYSTEM32\DRIVERS\DPPSUSB.sys [1/31/2004 1:24 PM 15872]
    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800]
    S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\System32\DRIVERS\COMFiltr.sys --> c:\windows\System32\DRIVERS\COMFiltr.sys [?]
    S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [5/27/2010 8:58 AM 18560]
    S3 i1;i1 Pro;c:\windows\SYSTEM32\DRIVERS\i1.sys [11/14/2007 10:07 AM 26045]
    S3 wimmount;wimmount;c:\windows\SYSTEM32\DRIVERS\wimmount.sys [6/15/2010 4:52 AM 19024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1009Core.job
    - c:\documents and settings\Anne Genova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 21:12]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1009UA.job
    - c:\documents and settings\Anne Genova\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 21:12]
    .
    2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1011Core.job
    - c:\documents and settings\Claire and Austin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-20 00:00]
    .
    2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3429979720-4235014302-1840635033-1011UA.job
    - c:\documents and settings\Claire and Austin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-20 00:00]
    .
    2011-12-29 c:\windows\Tasks\User_Feed_Synchronization-{3B15FE86-26A3-484F-8831-376401E5A225}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: earthlink.net\webmail.atl
    Trusted Zone: google.com\maps
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{35929760-7364-482A-A435-D5B3BCA4DA6C}: NameServer = 208.67.222.222,208.67.220.220
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-29 16:17
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1060)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-12-29 16:21:09
    ComboFix-quarantined-files.txt 2011-12-29 21:21
    ComboFix2.txt 2011-12-29 17:31
    .
    Pre-Run: 53,877,735,424 bytes free
    Post-Run: 53,856,092,160 bytes free
    .
    - - End Of File - - FBBF91FB7304309BBAF9BC569DD106DB


    Here is the file from SystemLook:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:26 on 29/12/2011 by Anne Genova
    Administrator - Elevation successful
    ========== reg ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8658086-E6AC-4957-BC8E-7D54A7E8A78E}]
    "SystemComponent"= 0x0000000000 (0)
    "Installer"="MSICD"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8658086-E6AC-4957-BC8E-7D54A7E8A78E}\Contains]
    (No values found)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8658086-E6AC-4957-BC8E-7D54A7E8A78E}\Contains\Files]
    "C:\WINDOWS\Downloaded Program Files\SassCln.dll"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8658086-E6AC-4957-BC8E-7D54A7E8A78E}\DownloadInformation]
    "CODEBASE"="http://www.microsoft.com/security/controls/SassCln.CAB"
    "INF"="C:\WINDOWS\Downloaded Program Files\SASSCLN.INF"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8658086-E6AC-4957-BC8E-7D54A7E8A78E}\InstalledVersion]
    @="1,0,0,16"
    "LastModified"="Mon, 03 May 2004 22:47:11 GMT"

    ========== dir ==========
    C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865} - Parameters: "(none)"
    ---Files---
    instance.dat -----c- 106 bytes [20:04 09/06/2009] [20:04 09/06/2009]
    mia.lib -----c- 579106 bytes [20:04 09/06/2009] [21:29 21/05/2009]
    setup.bmp -----c- 1027768 bytes [20:04 09/06/2009] [19:59 18/03/2009]
    setup.dat -----c- 344 bytes [20:04 09/06/2009] [20:04 09/06/2009]
    setup.exe -----c- 2833072 bytes [20:04 09/06/2009] [21:29 21/05/2009]
    setup.lan -----c- 9 bytes [20:04 09/06/2009] [20:04 09/06/2009]
    setup.msi -----c- 582144 bytes [20:04 09/06/2009] [21:29 21/05/2009]
    setup.par -----c- 10100 bytes [20:04 09/06/2009] [20:04 09/06/2009]
    setup.res -----c- 58915441 bytes [20:04 09/06/2009] [21:29 21/05/2009]
    ---Folders---
    None found.
    C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} - Parameters: "(none)"
    ---Files---
    None found.
    ---Folders---
    x86 d------ [18:31 16/06/2011]
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} - Parameters: "(none)"
    ---Files---
    None found.
    ---Folders---
    x86 d------ [03:18 08/04/2009]
    -= EOF =-

    Thanks!
    Anne
     
  13. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,226
    Thanks for the info on the GenieSoft Backup Manager (y)


    Okay, can you just run this with Systemlook:

    Code:
    :file
    C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe
    

    ----------

    Then, run this:

    Clear Cache/Temp Files
    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


    After the above, can you run this tool:


    Download OTS to your Desktop and double-click on it to run it
    • Make sure you close all other programs and don't use the PC while the scan runs.
    • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


    Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way


    eddie
     
  14. durgon

    durgon Thread Starter

    Joined:
    Feb 8, 2009
    Messages:
    23
    Hi Eddie-

    Here is the log file from SystemLook (not sure if you needed it or not.)

    SystemLook 30.07.11 by jpshortstuff
    Log created at 10:42 on 31/12/2011 by Anne Genova
    Administrator - Elevation successful

    ========== file ==========

    C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe - File found and opened.
    MD5: 4834B646C52D35BCB9416E05D1E0DB27
    Created at 20:04 on 09/06/2009
    Modified at 21:29 on 21/05/2009
    Size: 2833072 bytes
    Attributes: -----c-
    FileDescription: Router Installation
    FileVersion: 3.11.9139.94
    CompanyName: Linksys By Cisco Systems
    LegalCopyright: All rights reserved
    Comments: This installation was built with InstallAware: http://www.installaware.com

    -= EOF =-

    Attached is the OTS log.

    Thanks!
    Anne
     

    Attached Files:

    • OTS.Txt
      File size:
      132.9 KB
      Views:
      2
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,226
    Thanks for the systemlook log, looks like its a legit folder :)

    Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1031072

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice