trojan/virus cannot make it disappear



riverrat
2010-06-04, 15:35
DDS (Ver_10-03-17.01) - NTFSx86
Run by UB at 8:31:55.78 on Fri 06/04/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1978 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 100604-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\UB\Local Settings\Temporary Internet Files\Content.IE5\ZIKWMLYV\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = https://login.yahoo.com/config/login?.src=my&.done=hxxp://att.my.yahoo.com&.intl=us&.partner=sbc
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imeshmediabartb\iMeshMediaBarDx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imeshmediabartb\iMeshMediaBarDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [UpdateFlow.ATT-SST] c:\program files\att-sst\mccibrowser.exe -appkey=att-sst -url=file://c:\program files\att-sst\offlineupdate\redirector.htm
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\ub\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: motive.com\patttbc.att
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://nom.mlxchange.com/5.0.03.26/Control/FileCruiser.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://nom.mlxchange.com/5.0.03.26/Control/Specfile.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://nom.mlxchange.com/5.0.03.26/Control/MLSClientUtils.cab
DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://www.sttammanyclerk.org/liveapp/ImageServer/iView2/FileProInet2.CAB
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://nom.mlxchange.com/5.0.03.26/Control/LiteGrid.cab
DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://nom.mlxchange.com/5.0.03.26/Control/IRCWebPrint.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://nom.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://nom.mlxchange.com/5.0.03.26/Control/WebDog.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://nom.mlxchange.com/5.0.03.26/Control/AspCustomCtrls.cab
TCP: NameServer = 93.188.165.163,93.188.161.179
TCP: {6E83B147-8F7C-4C2A-AD06-1685EAE8CC5E} = 93.188.165.163,93.188.161.179
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-13 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-12 114768]
R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [2009-2-12 29344]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-12 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-12 352920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 MSWU-69df9f89;MSWU-69df9f89;c:\windows\system32\69df9f89.exe [2010-6-4 75264]
S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe [2010-5-27 75264]

=============== Created Last 30 ================

2010-06-04 13:06:29 75264 ----a-w- c:\windows\system32\69df9f89.exe
2010-06-03 17:46:21 0 d-----w- c:\docume~1\alluse~1\applic~1\12EA
2010-06-03 14:54:04 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-27 20:10:36 75264 ----a-w- c:\windows\system32\f36decbb.exe
2010-05-27 20:08:21 85504 --sha-r- c:\windows\system32\dinputr.dll
2010-05-07 22:00:17 0 d-----w- c:\program files\iPod
2010-05-07 22:00:06 0 d-----w- c:\program files\iTunes
2010-05-07 22:00:06 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-07 21:54:25 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-05-12 16:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-16 13:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 13:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 09:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-15 21:52:01 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-15 21:52:01 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-15 21:52:01 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 8:32:15.51 ===============

ken545
2010-06-08, 02:49


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.



Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished then restart your computer to restore back the connections.

riverrat
2010-06-09, 12:11
Hey Ken 545, thanks for the help! Here is the log.

ComboFix 10-06-08.03 - UB 06/09/2010 4:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2011 [GMT -5:00]
Running from: c:\documents and settings\UB\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100609-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-09 09:54 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\5a55e.dll
2010-06-09 00:39 . 2010-06-09 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\1C1A5
2010-06-09 00:13 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\7931793.dll
2010-06-06 00:35 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Motive
2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\AT&T
2010-06-05 21:32 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-05 21:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-05 21:30 . 2010-06-05 21:31 -------- d-----w- c:\program files\Lavasoft
2010-06-05 21:30 . 2010-06-05 21:30 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcp71.dll
2010-06-05 21:30 . 2010-06-05 21:30 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\jmc.dll
2010-06-05 21:30 . 2010-06-05 21:30 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcr71.dll
2010-06-05 21:30 . 2010-06-05 21:30 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-sse.dll
2010-06-05 21:30 . 2010-06-05 21:30 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-d3d.dll
2010-06-05 21:05 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\e179eI7q.dll
2010-06-05 19:22 . 2010-06-05 21:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-05 16:49 . 2010-06-05 16:49 91200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 13:10 . 2010-06-04 13:10 -------- d-----w- c:\program files\ERUNT
2010-06-04 13:06 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\69df9f89.exe
2010-06-03 14:54 . 2010-06-03 14:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-27 20:10 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\f36decbb.exe
2010-05-27 20:08 . 2010-05-27 20:08 85504 --sha-r- c:\windows\system32\dinputr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 21:30 . 2009-02-13 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-05 16:33 . 2009-04-04 18:35 -------- d-----w- c:\program files\Common Files\Motive
2010-06-04 04:52 . 2009-04-10 02:27 -------- d-----w- c:\program files\ATT-SST
2010-06-04 02:25 . 2009-04-18 02:32 -------- d-----w- c:\documents and settings\UB\Application Data\Apple Computer
2010-06-03 14:54 . 2009-02-22 20:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 19:18 . 2009-02-12 21:22 -------- d-----w- c:\program files\Lx_cats
2010-05-12 16:21 . 2010-01-15 03:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 08:01 . 2009-03-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-08 16:39 . 2010-05-08 16:39 503808 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcp71.dll
2010-05-08 16:39 . 2010-05-08 16:39 499712 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\jmc.dll
2010-05-08 16:39 . 2010-05-08 16:39 348160 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcr71.dll
2010-05-08 16:39 . 2010-05-08 16:39 61440 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-sse.dll
2010-05-08 16:39 . 2010-05-08 16:39 12800 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-d3d.dll
2010-05-08 16:34 . 2010-05-08 16:34 -------- d-----w- c:\documents and settings\Mooskie\Application Data\imeshmediabartb
2010-05-08 16:33 . 2010-05-08 16:33 91200 ----a-w- c:\documents and settings\Mooskie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\program files\iTunes
2010-05-07 22:00 . 2010-05-07 22:00 -------- d-----w- c:\program files\iPod
2010-05-07 22:00 . 2009-02-13 03:01 -------- d-----w- c:\program files\Common Files\Apple
2010-05-07 21:57 . 2009-11-28 22:51 -------- d-----w- c:\program files\QuickTime
2010-05-07 21:54 . 2010-05-07 21:54 -------- d-----w- c:\program files\Bonjour
2010-05-07 21:48 . 2010-05-07 21:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-16 13:33 . 2009-04-13 16:07 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 13:33 . 2009-02-13 03:01 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 13:13 . 2010-04-05 13:13 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-sse.dll
2010-04-05 13:13 . 2010-04-05 13:13 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-d3d.dll
2010-04-05 13:13 . 2010-04-05 13:13 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcp71.dll
2010-04-05 13:13 . 2010-04-05 13:13 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\jmc.dll
2010-04-05 13:13 . 2010-04-05 13:13 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcr71.dll
2010-03-13 17:18 . 2010-03-13 17:18 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-11 12:38 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"UpdateFlow.ATT-SST"="c:\program files\ATT-SST\McciBrowser.exe" [2009-10-22 1048576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2005-09-30 200704]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2006-04-19 94208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-02-24 73728]

c:\documents and settings\UB\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcjpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2010 4:32 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/12/2009 6:36 PM 114768]
R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [2/12/2009 4:18 PM 29344]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2009 6:36 PM 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 4:13 PM 135664]
S2 MSWU-69df9f89;MSWU-69df9f89;c:\windows\system32\69df9f89.exe [6/4/2010 8:06 AM 75264]
S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe [5/27/2010 3:10 PM 75264]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1228208]
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

2010-06-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login?.src=my&.done=hxxp://att.my.yahoo.com&.intl=us&.partner=sbc
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://nom.mlxchange.com/5.0.03.26/Control/MLSClientUtils.cab
DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://www.sttammanyclerk.org/liveapp/ImageServer/iView2/FileProInet2.CAB
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://nom.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 04:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(208)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\lxcjcoms.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-09 04:59:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-09 09:59

Pre-Run: 43,926,466,560 bytes free
Post-Run: 44,616,454,144 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 175C7DB062AD22020A825BD57B5E1E93

ken545
2010-06-09, 13:35
Hi,

Still more to remove

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Driver::




Driver::
MSWU-69df9f89
MSWU-f36decbb

File::
c:\windows\system32\69df9f89.exe
c:\windows\system32\f36decbb.exe


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.







Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please


I need to see the new CF log and the Malwarebytes log please

riverrat
2010-06-09, 15:05
Again, thanks for the help. Here is the new log. I will post the Malwarebytes shortly.

ComboFix 10-06-08.03 - UB 06/09/2010 7:51.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2056 [GMT -5:00]
Running from: c:\documents and settings\UB\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\UB\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100609-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\69df9f89.exe"
"c:\windows\system32\f36decbb.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\69df9f89.exe
c:\windows\system32\f36decbb.exe
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSWU-69DF9F89
-------\Legacy_MSWU-F36DECBB
-------\Service_MSWU-69df9f89
-------\Service_MSWU-f36decbb


((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-09 10:35 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-09 10:26 . 2010-06-09 10:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-09 09:54 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\5a55e.dll
2010-06-09 00:39 . 2010-06-09 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\1C1A5
2010-06-09 00:13 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\7931793.dll
2010-06-06 00:35 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Motive
2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\AT&T
2010-06-05 21:32 . 2010-06-09 10:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-05 21:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-05 21:30 . 2010-06-05 21:31 -------- d-----w- c:\program files\Lavasoft
2010-06-05 21:30 . 2010-06-05 21:30 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcp71.dll
2010-06-05 21:30 . 2010-06-05 21:30 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\jmc.dll
2010-06-05 21:30 . 2010-06-05 21:30 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcr71.dll
2010-06-05 21:30 . 2010-06-05 21:30 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-sse.dll
2010-06-05 21:30 . 2010-06-05 21:30 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-d3d.dll
2010-06-05 21:05 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\e179eI7q.dll
2010-06-05 19:22 . 2010-06-05 21:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-05 16:49 . 2010-06-05 16:49 91200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 13:10 . 2010-06-04 13:10 -------- d-----w- c:\program files\ERUNT
2010-06-03 14:54 . 2010-06-03 14:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-27 20:08 . 2010-05-27 20:08 85504 --sha-r- c:\windows\system32\dinputr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 10:35 . 2009-03-12 12:26 -------- d-----w- c:\program files\Java
2010-06-05 21:30 . 2009-02-13 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-05 16:33 . 2009-04-04 18:35 -------- d-----w- c:\program files\Common Files\Motive
2010-06-04 04:52 . 2009-04-10 02:27 -------- d-----w- c:\program files\ATT-SST
2010-06-04 02:25 . 2009-04-18 02:32 -------- d-----w- c:\documents and settings\UB\Application Data\Apple Computer
2010-06-03 14:54 . 2009-02-22 20:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 19:18 . 2009-02-12 21:22 -------- d-----w- c:\program files\Lx_cats
2010-05-12 16:21 . 2010-01-15 03:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 08:01 . 2009-03-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-08 16:39 . 2010-05-08 16:39 503808 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcp71.dll
2010-05-08 16:39 . 2010-05-08 16:39 499712 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\jmc.dll
2010-05-08 16:39 . 2010-05-08 16:39 348160 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcr71.dll
2010-05-08 16:39 . 2010-05-08 16:39 61440 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-sse.dll
2010-05-08 16:39 . 2010-05-08 16:39 12800 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-d3d.dll
2010-05-08 16:34 . 2010-05-08 16:34 -------- d-----w- c:\documents and settings\Mooskie\Application Data\imeshmediabartb
2010-05-08 16:33 . 2010-05-08 16:33 91200 ----a-w- c:\documents and settings\Mooskie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\program files\iTunes
2010-05-07 22:00 . 2010-05-07 22:00 -------- d-----w- c:\program files\iPod
2010-05-07 22:00 . 2009-02-13 03:01 -------- d-----w- c:\program files\Common Files\Apple
2010-05-07 21:57 . 2009-11-28 22:51 -------- d-----w- c:\program files\QuickTime
2010-05-07 21:54 . 2010-05-07 21:54 -------- d-----w- c:\program files\Bonjour
2010-05-07 21:48 . 2010-05-07 21:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-16 13:33 . 2009-04-13 16:07 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 13:33 . 2009-02-13 03:01 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 13:13 . 2010-04-05 13:13 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-sse.dll
2010-04-05 13:13 . 2010-04-05 13:13 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-d3d.dll
2010-04-05 13:13 . 2010-04-05 13:13 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcp71.dll
2010-04-05 13:13 . 2010-04-05 13:13 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\jmc.dll
2010-04-05 13:13 . 2010-04-05 13:13 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcr71.dll
2010-03-13 17:18 . 2010-03-13 17:18 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-09_09.55.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 12:57 . 2010-06-09 12:57 16384 c:\windows\Temp\Perflib_Perfdata_610.dat
+ 2010-06-09 12:57 . 2010-06-09 12:57 16384 c:\windows\Temp\Perflib_Perfdata_410.dat
+ 2010-06-09 10:27 . 2010-06-09 10:23 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
- 2009-02-12 20:49 . 2010-06-09 09:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-12 20:49 . 2010-06-09 10:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-09 10:01 . 2010-06-09 10:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-12 20:49 . 2010-06-09 09:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-04-05 13:13 . 2010-03-09 09:28 153376 c:\windows\system32\javaws.exe
+ 2010-06-09 10:35 . 2010-04-12 22:29 153376 c:\windows\system32\javaws.exe
+ 2010-06-09 10:35 . 2010-04-12 22:29 145184 c:\windows\system32\javaw.exe
- 2010-04-05 13:13 . 2010-03-09 09:28 145184 c:\windows\system32\javaw.exe
+ 2010-06-09 10:35 . 2010-04-12 22:29 145184 c:\windows\system32\java.exe
- 2010-04-05 13:13 . 2010-03-09 09:28 145184 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"UpdateFlow.ATT-SST"="c:\program files\ATT-SST\McciBrowser.exe" [2009-10-22 1048576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2005-09-30 200704]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2006-04-19 94208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-02-24 73728]

c:\documents and settings\UB\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcjpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2010 4:32 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/12/2009 6:36 PM 114768]
R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [2/12/2009 4:18 PM 29344]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2009 6:36 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352320]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 4:13 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:23]

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

2010-06-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login?.src=my&.done=hxxp://att.my.yahoo.com&.intl=us&.partner=sbc
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://nom.mlxchange.com/5.0.03.26/Control/MLSClientUtils.cab
DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://www.sttammanyclerk.org/liveapp/ImageServer/iView2/FileProInet2.CAB
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://nom.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 07:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(940)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\lxcjcoms.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-09 08:02:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-09 13:02
ComboFix2.txt 2010-06-09 09:59

Pre-Run: 44,233,732,096 bytes free
Post-Run: 44,214,382,592 bytes free

- - End Of File - - BF9CB997C344F13D1A46278918EDE98E

riverrat
2010-06-09, 15:59
Here are the other scan results...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4183

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/9/2010 8:53:37 AM
mbam-log-2010-06-09 (08-53-37).txt

Scan type: Quick scan
Objects scanned: 141803
Time elapsed: 44 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2010-06-09, 16:19
Let me ask you, are you a gamer? Do you know why you have all these open ports?

"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020





I was hoping MBAM was going to remove the files I wanted it to, but I know that SuperAntiSpyware may.

Please download SuperAntiSpyware Free (http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your reply.

riverrat
2010-06-09, 17:10
This computer is used by my kids and I am sure they are gaming on it. I will run the program and post results. Thanks very much again.

riverrat
2010-06-09, 17:58
Hi Ken545, here is the log. Any way to close some of those open ports? My son said he used to game a lot on this computer, but doesn't really anymore.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/09/2010 at 10:50 AM

Application Version : 4.38.1004

Core Rules Database Version : 5052
Trace Rules Database Version: 2864

Scan type : Complete Scan
Total Scan Time : 00:34:34

Memory items scanned : 555
Memory threats detected : 0
Registry items scanned : 5297
Registry threats detected : 0
File items scanned : 17260
File threats detected : 459

Adware.Tracking Cookie
C:\Documents and Settings\SPS 93\Cookies\sps_93@businessfind[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@videos.mediaite[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@fastclick[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[7].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@popularscreensavers[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ziporn[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@click2go[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@xxxmatch[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@exoclick[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@advertising[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[4].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@printcountry[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[8].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.sexinfo101[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.fuckbookdating[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz9.91485.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz6.91485.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@media.mtvnservices[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clicks.search312[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@findresultsarchive[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@lynxtrack[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@tracking.foxnews[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[5].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[9].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@6856.pppporn.primosearch[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.creafi[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads2.vasmg[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@imrworldwide[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@pornhub[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@xml.trafficengine[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.bighealthtree[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@w3track[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.adgoto[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@sex-101.tressugar[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clicksor[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@at.atwola[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.hardsextube[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@precisionclick[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@yieldmanager[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@admarketplace[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.tracklead[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.smartadx[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@mywebsearch[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.ad4game[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@findology[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@e1.cdn.qnsr[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@yieldmanager[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.zeusclicks[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@lfstmedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.areaporn[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@media.adfrontiers[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@aheadfind[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@youporn.videobox[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@doubleclick[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@stats.townnews[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@tracker.interclimax[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@stats.gamestop[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@webtrack.dhlglobalmail[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.justwatchporn[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@stat.dealtime[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.doubleviking[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.topdaofinder[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@lockedonmedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@eas.apm.emediate[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@snap9.advertserve[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.watershed-publishing[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@socialmedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@z.blogads[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@toplist[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@trafficmp[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@bsapr.advertserve[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.bcserving[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@youporn[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@xml.happytofind[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.fearzone[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@media.samuraimediagroup[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@mytrackurl[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@tracking1.aleadpay[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@fuckbookdating[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@static.freewebs.getclicky[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.allcountrytabs[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@d.mediaforceads[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@dr.findlinks[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@urlad--yieldmanager--com.rtrk[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@emediatrack[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad1.adtitan[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@specificmedia[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz3.91449.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@fidelity.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@hornyslut-blog[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@statcounter[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@top5countdown.mevio[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.imarketservices[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@rts.pgmediaserve[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@collective-media[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.financialcontent[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@porn-videos.fatsplanet[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@redorbit[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@breakmedia.checkm8[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickthrough.kanoodle[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.topsexywomen[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@adecn[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@euroclick[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@adultadincome[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@media6degrees[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.predictad[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.dentrack[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@burstnet[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.findstuff[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@exoclick.40531.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.myadplatform[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.us.e-planning[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.jmg[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.bodybuilding[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@adcloudmedia[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.cpxcenter[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.bizteenweightloss[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@crackle[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@beacon.dmsinsights[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@naiadsystems[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@track.doudig[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@track.bestbuy[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@adultadworld[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.culturekitchenmedia[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@richmedia.yahoo[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@teen[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@enhance[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@chitika[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@chitika[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@burstbeacon[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@atdmt[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@sexonlog[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@click4college[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.nba[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.findrackmount[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@azjmp[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@adxpose[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@metroleap.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.thehardfucked[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.thehardfucked[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@10click[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@justwatchporn[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ftvteenmodels[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.findbillingsystem[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.socialtrack[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@trafficengine[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@fuckingmotherfucker[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@xiti[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@service.liveperson[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@partners.agamimedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@snip.www.findstuff[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.accountemps[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad2.yieldmanager[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.cnn[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@bridge2.admarketplace[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@wt.xxxmatch[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.tbs[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@invitemedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@apartmentfinder[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@qnsr[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.rcs[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@lucidmedia[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@click.fastpartner[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@pornopillow[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@holisticfind[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@hardsextube[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.zanox[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@thepornstarsecret[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.youporn[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz2.1.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@myroitracking[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad-place[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@xxxbunker[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@pornotribunetube[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@legolas-media[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@atlas.entrepreneur[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@easy-hit-counters[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@apmebf[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@click.mediadome[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@adinterax[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads2.globo[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@girls.nudeadultcams[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.lzjl[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@xm.xtendmedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.icityfind[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@finderscheapers[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.m5prod[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.mail[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@thehardfucked[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@dmtracker[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@entrepreneur[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@feed.validclick[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.porntube4free[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@tour1.xxxmatch[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@bizzclick[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@lettherebeporn[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[10].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@banners.bannersource[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@bardondirect.directtrack[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@freefind[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.slutload[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@content.yieldmanager[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickforensics[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@nudeadultcams[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@stattest.dealtime[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@cheapcruisefinders[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.undertone[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.bootcampmedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@superstats[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@content.yieldmanager[3].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@shefinds[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@mediapromoter[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@toseeka[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.pubmatic[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@mediadakine[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.ourstage[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@interclick[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@caselaw.lp.findlaw[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@stats.thaindian[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@login.tracking101[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.bnmedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@click.leisure[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz7.1.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.pornhub[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@sexgodmethod[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@buyfind[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@sexxxpert[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@adultdvd[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.eyecuedigital[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[11].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.redorbit[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@adxpansion[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@bannertgt[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.reason[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@in.getclicky[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@openxxx.viragemedia[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.webcamclub[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@intermundomedia[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@sales.liveperson[4].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.10click[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.intergi[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@trackingvalue[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@find.galegroup[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.businessfind[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.dixcom[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@sales.liveperson[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@t.lynxtrack[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@findlaw[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@advertise[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@topsexywomen[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@bet.burstnet[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@kendrawilkinsonsex-tape.blogspot[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ad2.doublepimp[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@maxporn[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.vidsense[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@www.printcountry[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@accounting.oniine-college[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@a1.interclick[3].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@a1.interclick[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@sales.liveperson[3].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@media.photobucket[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@degreefinders[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz2.91491.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz4.91491.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz3.91491.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz1.91491.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz5.91491.blueseek[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@findnumerous[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@wsclick.infospace[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.filthdump[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@innovate.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.nudereviews[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@teensgosex[2].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@servedby.adxpower[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@sexy-bitches[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@womenentrepreneur[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@cx.sxtracking[1].txt
C:\Documents and Settings\SPS 93\Cookies\sps_93@server.cpmstar[2].txt

Adware.Flash Tracking Cookie
C:\Documents and Settings\UB\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RL6ZWSKJ\UDN.SPECIFICCLICK.NET

Trojan.Agent/Gen-Purcharva[Full]
C:\DOCUMENTS AND SETTINGS\SPS 93\LOCAL SETTINGS\TEMP\4D6.TMP

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP1\A0000017.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP2\A0000063.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0000083.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0000091.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0000094.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0003153.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0003154.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP4\A0003277.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP4\A0004323.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP4\A0004333.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP4\A0004336.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP5\A0004387.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP6\A0004616.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP6\A0004617.EXE

ken545
2010-06-09, 18:26
Yes, we can close those ports. Is that the entire SAS log?

riverrat
2010-06-09, 19:01
Hi, yes that is the entire SAS log. Just double checked. Also, Avast is showing no infections, where before it was showing 3, but could not get rid of them.

ken545
2010-06-09, 19:46
More to remove

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Rootkit::




File::
c:\windows\system32\Spool\prtprocs\w32x86\5a55e.dll
c:\windows\system32\Spool\prtprocs\w32x86\7931793.dll
c:\windows\system32\Spool\prtprocs\w32x86\e179eI7q.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.







You need to enable Windows to show all files and folders; instructions are here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If it says this file has been scanned before, have them scan it again.

c:\windows\system32\dinputr.dll <-- This file

If the site is busy you can try this one

http://virusscan.jotti.org/en

riverrat
2010-06-09, 20:15
Hi Ken, please take a look at the Notepad instructions above. I just want to make sure I do this right. Do I need the text after file and registry? You mention no breaks after rootkit, and I don't see that in the text. Thanks much!

ken545
2010-06-09, 20:34
That's fine, I just forgot to change Rootkit to File. Use File:: I use this a lot for all sorts of infections.

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

riverrat
2010-06-09, 20:55
OK, here is the latest Combo log. I am working on part 2 and will post when I am done. Thanks

ComboFix 10-06-08.03 - UB 06/09/2010 13:40:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2028 [GMT -5:00]
Running from: c:\documents and settings\UB\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\UB\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100609-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\Spool\prtprocs\w32x86\5a55e.dll"
"c:\windows\system32\Spool\prtprocs\w32x86\7931793.dll"
"c:\windows\system32\Spool\prtprocs\w32x86\e179eI7q.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-09 15:14 . 2010-06-09 15:14 63488 ----a-w- c:\documents and settings\UB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-09 15:14 . 2010-06-09 15:14 52224 ----a-w- c:\documents and settings\UB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-09 15:13 . 2010-06-09 15:13 117760 ----a-w- c:\documents and settings\UB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-09 15:13 . 2010-06-09 15:13 -------- d-----w- c:\documents and settings\UB\Application Data\SUPERAntiSpyware.com
2010-06-09 15:13 . 2010-06-09 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-09 15:13 . 2010-06-09 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-09 13:08 . 2010-06-09 13:08 -------- d-----w- c:\documents and settings\UB\Application Data\Malwarebytes
2010-06-09 13:07 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 13:07 . 2010-06-09 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 13:07 . 2010-06-09 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-09 13:07 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-09 10:35 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-09 10:26 . 2010-06-09 10:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-09 00:39 . 2010-06-09 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\1C1A5
2010-06-06 00:35 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Motive
2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\AT&T
2010-06-05 21:32 . 2010-06-09 10:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-05 21:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-05 21:30 . 2010-06-05 21:31 -------- d-----w- c:\program files\Lavasoft
2010-06-05 21:30 . 2010-06-05 21:30 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcp71.dll
2010-06-05 21:30 . 2010-06-05 21:30 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\jmc.dll
2010-06-05 21:30 . 2010-06-05 21:30 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcr71.dll
2010-06-05 21:30 . 2010-06-05 21:30 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-sse.dll
2010-06-05 21:30 . 2010-06-05 21:30 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-d3d.dll
2010-06-05 19:22 . 2010-06-05 21:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-05 16:49 . 2010-06-05 16:49 91200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 13:10 . 2010-06-04 13:10 -------- d-----w- c:\program files\ERUNT
2010-06-03 14:54 . 2010-06-03 14:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-27 20:08 . 2010-05-27 20:08 85504 --sha-r- c:\windows\system32\dinputr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 18:18 . 2009-02-12 21:22 -------- d-----w- c:\program files\Lx_cats
2010-06-09 16:05 . 2009-03-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 10:35 . 2009-03-12 12:26 -------- d-----w- c:\program files\Java
2010-06-05 21:30 . 2009-02-13 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-05 16:33 . 2009-04-04 18:35 -------- d-----w- c:\program files\Common Files\Motive
2010-06-04 04:52 . 2009-04-10 02:27 -------- d-----w- c:\program files\ATT-SST
2010-06-04 02:25 . 2009-04-18 02:32 -------- d-----w- c:\documents and settings\UB\Application Data\Apple Computer
2010-06-03 14:54 . 2009-02-22 20:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-21 19:14 . 2010-01-15 03:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 16:39 . 2010-05-08 16:39 503808 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcp71.dll
2010-05-08 16:39 . 2010-05-08 16:39 499712 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\jmc.dll
2010-05-08 16:39 . 2010-05-08 16:39 348160 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcr71.dll
2010-05-08 16:39 . 2010-05-08 16:39 61440 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-sse.dll
2010-05-08 16:39 . 2010-05-08 16:39 12800 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-d3d.dll
2010-05-08 16:34 . 2010-05-08 16:34 -------- d-----w- c:\documents and settings\Mooskie\Application Data\imeshmediabartb
2010-05-08 16:33 . 2010-05-08 16:33 91200 ----a-w- c:\documents and settings\Mooskie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\program files\iTunes
2010-05-07 22:00 . 2010-05-07 22:00 -------- d-----w- c:\program files\iPod
2010-05-07 22:00 . 2009-02-13 03:01 -------- d-----w- c:\program files\Common Files\Apple
2010-05-07 21:57 . 2009-11-28 22:51 -------- d-----w- c:\program files\QuickTime
2010-05-07 21:54 . 2010-05-07 21:54 -------- d-----w- c:\program files\Bonjour
2010-05-07 21:48 . 2010-05-07 21:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-04 17:20 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-12 14:09 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-12 13:55 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 13:33 . 2009-04-13 16:07 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 13:33 . 2009-02-13 03:01 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 13:13 . 2010-04-05 13:13 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-sse.dll
2010-04-05 13:13 . 2010-04-05 13:13 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-d3d.dll
2010-04-05 13:13 . 2010-04-05 13:13 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcp71.dll
2010-04-05 13:13 . 2010-04-05 13:13 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\jmc.dll
2010-04-05 13:13 . 2010-04-05 13:13 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcr71.dll
2010-03-13 17:18 . 2010-03-13 17:18 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-09_09.55.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-09 16:24 . 2010-06-09 16:24 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
+ 2010-06-09 16:24 . 2010-06-09 16:24 16384 c:\windows\Temp\Perflib_Perfdata_424.dat
+ 2009-03-22 17:36 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-03-22 17:36 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2004-08-12 14:03 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll
- 2004-08-12 14:03 . 2010-03-11 12:38 44544 c:\windows\system32\pngfilt.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-12 13:58 . 2010-03-11 12:38 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-12 13:58 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll
- 2007-08-14 00:39 . 2010-03-10 13:18 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-14 00:39 . 2010-05-04 12:39 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-12 13:58 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll
- 2004-08-12 13:58 . 2010-03-11 12:38 44544 c:\windows\system32\iernonce.dll
+ 2004-08-12 13:57 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-12 13:57 . 2010-03-10 13:18 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-14 00:36 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll
- 2007-08-14 00:36 . 2010-03-11 12:38 63488 c:\windows\system32\icardie.dll
+ 2010-06-09 10:27 . 2010-06-09 10:23 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2007-08-14 00:36 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-14 00:36 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-02-13 02:15 . 2010-03-11 12:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-02-13 02:15 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-02-13 02:15 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-02-13 02:15 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-14 00:39 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-14 00:39 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-14 00:45 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-14 00:45 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 00:39 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-14 00:39 . 2010-03-10 13:18 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-02-13 02:15 . 2010-03-11 12:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-02-13 02:15 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-14 00:42 . 2010-03-11 12:38 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-14 00:42 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2009-02-12 20:49 . 2010-06-09 10:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-12 20:49 . 2010-06-09 09:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-12 13:55 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2009-03-08 04:16 . 2010-05-12 08:01 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-09 15:59 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-06-09 15:59 . 2010-03-10 13:18 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-06-09 15:59 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-06-09 15:59 . 2010-03-10 13:18 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-06-09 15:59 . 2010-03-11 12:38 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll
- 2004-08-12 14:09 . 2010-03-11 12:38 233472 c:\windows\system32\webcheck.dll
+ 2004-08-12 14:09 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll
- 2004-08-12 14:08 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
+ 2004-08-12 14:08 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll
+ 2004-08-12 14:02 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll
- 2004-08-12 14:02 . 2010-03-11 12:38 102912 c:\windows\system32\occache.dll
+ 2004-08-12 14:01 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll
- 2004-08-12 14:01 . 2010-03-11 12:38 671232 c:\windows\system32\mstime.dll
+ 2004-08-12 14:01 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll
- 2004-08-12 14:01 . 2010-03-11 12:38 193024 c:\windows\system32\msrating.dll
+ 2004-08-12 14:00 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll
- 2004-08-12 14:00 . 2010-03-11 12:38 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 459264 c:\windows\system32\msfeeds.dll
- 2010-04-05 13:13 . 2010-03-09 09:28 153376 c:\windows\system32\javaws.exe
+ 2010-06-09 10:35 . 2010-04-12 22:29 153376 c:\windows\system32\javaws.exe
- 2010-04-05 13:13 . 2010-03-09 09:28 145184 c:\windows\system32\javaw.exe
+ 2010-06-09 10:35 . 2010-04-12 22:29 145184 c:\windows\system32\javaw.exe
- 2010-04-05 13:13 . 2010-03-09 09:28 145184 c:\windows\system32\java.exe
+ 2010-06-09 10:35 . 2010-04-12 22:29 145184 c:\windows\system32\java.exe
- 2007-08-14 00:34 . 2010-03-11 12:38 268288 c:\windows\system32\iertutil.dll
+ 2007-08-14 00:34 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll
- 2004-08-12 13:58 . 2010-03-11 12:38 192512 c:\windows\system32\iepeers.dll
+ 2004-08-12 13:58 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-12 13:57 . 2010-03-11 12:38 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 18:27 . 2010-03-11 12:38 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 18:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-12 13:57 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
- 2004-08-12 13:57 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll
- 2004-08-12 13:57 . 2010-03-11 12:38 230400 c:\windows\system32\ieaksie.dll
- 2004-08-12 13:57 . 2010-03-11 12:38 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll
+ 2009-02-12 14:13 . 2010-06-09 16:23 345808 c:\windows\system32\FNTCACHE.DAT
- 2009-02-12 14:13 . 2009-11-11 09:18 345808 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-12 13:57 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
- 2004-08-12 13:57 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll
- 2004-08-12 13:57 . 2010-03-11 12:38 214528 c:\windows\system32\dxtrans.dll
- 2004-08-12 13:57 . 2010-03-11 12:38 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-14 00:44 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-14 00:44 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-14 00:44 . 2010-03-11 12:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 00:44 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-14 00:44 . 2010-03-11 12:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-14 00:44 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-02-13 02:15 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-02-13 02:15 . 2010-03-11 12:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-14 00:43 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe
+ 2009-02-13 02:15 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll
- 2009-02-13 02:15 . 2010-03-11 12:38 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 00:39 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-14 00:39 . 2010-03-11 12:38 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-02-13 02:15 . 2010-03-11 12:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-02-13 02:15 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-12 13:57 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-12 13:57 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-14 00:39 . 2010-03-11 12:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 00:39 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 00:39 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-14 00:39 . 2010-03-11 12:38 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-14 00:35 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-14 00:35 . 2010-03-11 12:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-14 00:35 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-14 00:35 . 2010-03-11 12:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2007-08-14 00:39 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-14 00:39 . 2010-03-11 12:38 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-12 13:55 . 2010-03-11 12:38 124928 c:\windows\system32\advpack.dll
+ 2004-08-12 13:55 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll
- 2009-03-08 04:16 . 2010-05-12 08:01 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-06 09:26 . 2009-03-06 09:26 770464 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6425\REGFORM.EXE
+ 2008-10-25 14:27 . 2008-10-25 14:27 177040 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6425\IPOLK.DLL
+ 2010-06-09 15:59 . 2010-03-11 12:38 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-06-09 15:59 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-06-09 15:59 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-06-09 15:59 . 2010-03-11 12:38 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-06-09 15:59 . 2010-02-23 05:20 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-06-09 15:59 . 2010-03-11 12:38 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-06-09 15:59 . 2010-02-23 05:18 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2004-08-12 14:10 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
- 2004-08-12 14:08 . 2010-03-11 12:38 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-12 14:08 . 2010-05-04 17:20 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-12 14:03 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2004-08-12 14:03 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2004-08-12 14:00 . 2010-05-04 17:20 3600384 c:\windows\system32\mshtml.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 6067200 c:\windows\system32\ieframe.dll
+ 2004-08-12 14:10 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-02-13 00:06 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-14 00:54 . 2010-05-04 17:20 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2007-08-14 00:54 . 2010-03-11 12:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2007-08-14 00:54 . 2010-05-04 17:20 3600384 c:\windows\system32\dllcache\mshtml.dll
- 2009-02-13 02:15 . 2010-03-11 12:38 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-02-13 02:15 . 2010-05-04 17:20 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-24 22:08 . 2010-04-24 22:08 9129984 c:\windows\Installer\6a5a4.msp
+ 2010-03-24 23:54 . 2010-03-24 23:54 3126272 c:\windows\Installer\6a58c.msp
+ 2010-03-24 23:54 . 2010-03-24 23:54 2516992 c:\windows\Installer\6a58b.msp
+ 2010-04-24 22:07 . 2010-04-24 22:07 4667392 c:\windows\Installer\6a56f.msp
+ 2010-04-24 22:05 . 2010-04-24 22:05 4199424 c:\windows\Installer\6a558.msp
+ 2010-05-19 04:35 . 2010-05-19 04:35 5023744 c:\windows\Installer\6a541.msp
+ 2010-04-24 22:10 . 2010-04-24 22:10 8486400 c:\windows\Installer\6a512.msp
+ 2009-03-08 04:16 . 2010-06-09 16:05 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-08 04:16 . 2010-06-09 16:05 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-03-08 04:16 . 2010-05-12 08:01 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-06 09:26 . 2009-03-06 09:26 5466488 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6425\IPDESIGN.DLL
+ 2008-11-04 05:40 . 2008-11-04 05:40 1442160 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6425\INFOPATH.EXE
+ 2010-06-09 15:59 . 2010-03-11 12:38 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 3599872 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-06-09 15:59 . 2010-03-11 12:38 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
+ 2009-02-13 02:13 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2010-04-24 22:09 . 2010-04-24 22:09 11750912 c:\windows\Installer\6a5bb.msp
+ 2010-04-24 22:07 . 2010-04-24 22:07 10118144 c:\windows\Installer\6a52a.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"UpdateFlow.ATT-SST"="c:\program files\ATT-SST\McciBrowser.exe" [2009-10-22 1048576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2005-09-30 200704]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2006-04-19 94208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-02-24 73728]

c:\documents and settings\UB\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcjpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2010 4:32 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/12/2009 6:36 PM 114768]
R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [2/12/2009 4:18 PM 29344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2009 6:36 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352320]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 4:13 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:23]

2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

2010-06-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login?.src=my&.done=hxxp://att.my.yahoo.com&.intl=us&.partner=sbc
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: motive.com\patttbc.att
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://nom.mlxchange.com/5.0.03.26/Control/MLSClientUtils.cab
DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://www.sttammanyclerk.org/liveapp/ImageServer/iView2/FileProInet2.CAB
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://nom.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 13:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-09 13:47:22
ComboFix-quarantined-files.txt 2010-06-09 18:47
ComboFix2.txt 2010-06-09 13:02
ComboFix3.txt 2010-06-09 09:59

Pre-Run: 43,607,547,904 bytes free
Post-Run: 43,591,245,824 bytes free

- - End Of File - - 6B76E69F4AE17B0BA030571EECA2328E

riverrat
2010-06-09, 21:07
Hey Ken545, both services say the same thing. That file is empty/ 0 bytes received. Is that a good thing? Should I go back and restore Hidden Files to default? Thanks!

ken545
2010-06-09, 21:16
That's fine, then we will just leave it be.

How is everything running now?

riverrat
2010-06-09, 21:43
Everything seems to be running very well. Are the multiple open ports an issue? Should I restore the hidden files to the default settings?

ken545
2010-06-09, 22:18
Hi,

The last fix closed all those ports, so not to worry. Yes, go ahead and hide files and folders, don't want someone to delete a good one.

We ran Malwarebytes and SuperAntiSpyware, you can keep them but you really don't need them both, basically all SAS removed were cookies. I would uninstall it and keep MBAM, but this is up to you.



DDS <---Drag it to the trash

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.





Now to remove most of the tools that we have used in fixing your machine:
Make sure you have an Internet Connection.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
A list of tool components used in the cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.






How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot, you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.



Safe Surfn
Ken

riverrat
2010-06-10, 01:24
Ken, I can't thank you enough. I could have never done all that on my own. You are a real gentleman, and I wish you the best and will say a prayer for you and those like you who selflessly help others in need. You have my kind regard and gratitude!

ken545
2010-06-10, 10:47
You're very welcome :)